Intel tries to fix “ZombieLoad” fault for the 3rd time

THE Intel announced yesterday (1/27) the third fix in a series of attempts to resolve the failure of its processors known as "ZombieLoad“.

The current version of the breach was discovered last May, when the company released the first update to try to fix the problem without much success. Specifically, the vulnerabilities (CVE-2020-0548 and CVE-2020-0549) make it possible for attackers to steal data (web browsing history, passwords, messages, etc.) from machines equipped with the affected processors, some of which date back to 2011.

Last November, the company commented on the persistence of the problem and further explained how the vulnerabilities allow computers to be hacked. At the time, the company said it would launch another update to help reverse the issue, but that was also not enough.

Intel now launches the third update for its processors that aims to solve a “micro-architectural data sampling” problem, or MDS. More precisely, it aims to correct two methods used to hack chips that have remained vulnerable even after the last two updates.

At that time, we confirmed the possibility that a certain amount of data could still be accessed through a side channel and would be handled in future microcode updates.

In a statement WIRED, an Intel spokesman said the company "is making every effort to validate the PoCs for vulnerabilities as quickly as possible." He also added that Intel "is working with all the necessary parts and developing proven fixes".

The problem at this point is not even the launch of a third update, but the fact that Intel has left variants of the MDS open for more than 18 months. All this time was more than enough for crackers to have taken advantage of the breach, even though the manufacturer is not aware of any invasion cases.

In any case, Intel hopes to release the update soon to minimize the effects of this failure.