Intel Zombieload vulnerability: Here’s how it works and how you can protect yourself

Updated on 16-May-2019

Zombieload is what security researchers are calling the latest vulnerability to affect Intel processors, up to and including the company's latest CPUs. It's a side-channel exploit that gives attackers access to sensitive data purely by taking advantage of the vulnerability, rather than by having to push a payload onto the target system. As with Meltdown and Spectre, Zombieload comprises four individual bugs. Almost all Intel CPUs since 2011 are believed to be affected. AMD and ARM processors are not vulnerable, so far.

How does Zombieload work?

Zombieload works by pushing a significant amount of data which the processor can't process. This results in the processor having to rely on the microcode to decipher this zombie load and, in doing so, applications that are currently residing in the CPU cache can access another application's data. As per security conventions, each application is only allowed access to its own data. This vulnerability, when exploited, allows access to everything that's currently stored in the CPU cache.

In a video, the security researchers who discovered the bug showcased how they could see which websites were being viewed on the target computer, in real time. Since the exploit gives access to everything in the target processor's cache, even passwords and other sensitive data can be easily accessed.

The researchers informed Intel about the vulnerability last month to allow the company sufficient time to patch it. Zombieload was discovered by a group of security researchers including Michael Schwarz, Moritz Lipp, Daniel Gruss (Graz University of Technology), and Jo Van Bulck (imec-DistriNet, KU Leuven).

Are you safe?

Practically all Intel CPUs including the server-grade Intel Xeon and the consumer-grade Intel Broadwell, Sandy Bridge, Skylake and Haswell chips are affected. The more recent Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected. Also, all Atom and Knights processors are included in the list of vulnerable CPUs.

Since consumer and server grade processors are affected, Zombieload can be exploited to gain access to your data stored on your personal PCs as well as your data stored on cloud services.

Proof-of-concept exploit code for Zombieload has been released to the public via GitHub.

How do you protect yourself?

Update. Intel has already worked with major hardware and software companies to push a microcode update. If you're on Windows or Linux, you should have received an update with the new security patch.
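To confirm on Linux that the update actually took effect, the kernel's own report can be read and interpreted. The script below is an added example, not part of the original article: it assumes the standard Linux sysfs entry for the MDS family (under which Zombieload is reported), the verdict names are the example's own, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS report, which covers Zombieload.
MDS_SYSFS="${MDS_SYSFS:-/sys/devices/system/cpu/vulnerabilities/mds}"

# mds_verdict STATUS: print one verdict word (names are this example's own).
mds_verdict() {
    status=$1
    case "$status" in
        "Not affected"*)
            echo "not-affected" ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffers are cleared on context switch, but sibling hyperthreads
            # remain exposed unless SMT is disabled or reported as mitigated.
            case "$status" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo "patched-smt-exposed" ;;
                *)
                    echo "patched" ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # The kernel is updated but the CPU microcode update is missing.
            echo "needs-microcode" ;;
        "Vulnerable"*)
            echo "vulnerable" ;;
        *)
            echo "unknown" ;;
    esac
}

# mds_check [FILE]: verdict for this host, or for a saved copy of the sysfs file.
mds_check() {
    file=${1:-$MDS_SYSFS}
    if [ ! -r "$file" ]; then
        # No entry: the kernel predates the fix, or sysfs is unavailable.
        echo "no-kernel-report"
        return 0
    fi
    IFS= read -r line < "$file" || true
    mds_verdict "$line"
}

# Constructed sample status lines (not captured from a real machine).
for sample in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled"
do
    printf '%-70s -> %s\n' "$sample" "$(mds_verdict "$sample")"
done
printf 'this host -> %s\n' "$(mds_check)"
```

A `needs-microcode` verdict means the operating system update arrived but the microcode update did not, which usually calls for a firmware or microcode package update.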

As for cloud services, all major cloud service providers including Google, Apple and Microsoft have already deployed the security updates to protect the affected processors.

Does the Zombieload patch affect performance?

Like Spectre and Meltdown, when Zombieload is patched there will be a performance impact. On consumer PCs, this will be about 3% and on server PCs the impact will be about 9%.

Mithun Mohandas
