So after meltdown, spectre and foreshadow, a new vulnerability was discovered in almost all the modern Intel processor since 2011! Zombieload attack allows attackers to steal sensitive data and keys.
This attack can steal information like your browser history, website content, password, and disk encryption keys. This attack is not limited to personal computers, it can be even exploited in clouds. Processors for desktops, laptops, and cloud servers are all impacted. Intel said ZombieLoad is made up of four bugs, which the researchers reported to Intel just a month ago. According to Intel, the threat level is medium, but researchers are very serious.
Researchers showed a proof video that the flaws could be exploited to see which websites a person is visiting in real-time. The good thing is that big tech companies like Apple, Google, Microsoft, and Amazon are stepping in to fix this security flaw with a patch. Intel has released patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake chips are also affected.
Zombieload is far more dangerous than Meltdown and Spectre which were discovered last year. This process to access your data is complex and there are easier ways to do that. This was a big design flaw from Intel’s Security team point of view. Now, the main thing to worry about is what’s coming next. Since these are hardware flaws so the bugs cannot be completely eliminated.