Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw
Intel’s made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?
Over the last two years, security researchers have dug up one technique after another that lets a hacker trick Intel’s microprocessors into spilling a computer’s deepest secrets. As those flaws have been exposed, chipmakers have scrambled to patch them. But for one serious form of those attacks it turns out that Intel still hasn’t successfully patched the underlying problem despite 18 months of warnings—and not one but two failed attempts to do so.
On Monday, Intel announced that it will issue yet another update to its processors designed to solve a problem it calls “microarchitectural data sampling,” or MDS. Different teams of researchers who independently discovered the issue call it RIDL or Zombieload, and warned Intel about the problem as early as June of 2018. The new update, which Intel says will be made available “in the coming weeks,” is intended to fix two methods to exploit Intel chips via MDS, which have remained possible even after Intel released MDS patches in May of 2019 and then again last November. Some of the researchers first warned Intel about the more serious of the two flaws that it’s trying to fix now in a paper shared with Intel fully a year ago. Other researchers even shared proof-of-concept code with the company last May.