
ZombieLoad: Another vulnerability in Intel chips revealed

Another day, another major security hole revealed in Intel processors, one that closely resembles the Spectre and Meltdown vulnerabilities discovered last year.

As TechCrunch reported, the new flaw, called ZombieLoad, allows attackers to use processor vulnerabilities to spy on machines and capture information from them, such as accessed websites, passwords, secret codes, messages, and personal data. All Intel processors from 2011 onwards are affected by the flaw, but ARM chips do not suffer from the same problem, so the A-series processors that equip iPhones and iPads are safe.

As for the vulnerability itself, it takes advantage of flaws previously exploited by Spectre and Meltdown, whose operation we have already explained in this article. Roughly speaking, it is a technique in which malicious programs take advantage of the processors' speculative execution (used to improve performance and data processing time) to capture information related not to the program itself, but to the whole system.

The video below shows the vulnerability being exploited in a proof of concept; note how all of the user's browser activity is promptly logged in the side window:

Fixes on the way

Several operating systems have issued updates that address the vulnerability. macOS Mojave 10.14.5, released yesterday, is already immune to the problem; security updates have been released in parallel for users who are still on macOS Sierra and High Sierra. Google and Microsoft have also released updates.

This Apple support page further explains the actions taken to mitigate the vulnerability. According to the company, the update corrects several of the holes that made ZombieLoad possible, but not all of them. There is, however, a “full mitigation” option that can be activated through the Terminal and which, as a side effect, can compromise machine performance by up to 40%.

Apple points out that its standard fixes, included in the latest updates, completely protect the "common" users of macOS. The company recommends the “full mitigation” option only for high-risk users or those using unauthorized software; for those who want to enable it, a tutorial has been made available on this other support page.

So the tip is always the same: keep your systems up to date and adopt sensible browsing practices. With this, you are unlikely to run into problems at any time.

via AppleInsider