Four new CVEs that combine to create a vulnerability called ZombieLoad affecting Intel processors were made public today, which if left unpatched could leave a computer open to a side-channel attack allowing someone to bypass protections to read memory.

The flaws, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, impacted a number of companies with Apple, Google, Microsoft and Amazon Web Services issuing updates. ZombieLoad, more formally known as microarchitectural data sampling, can leak a variety of information.

Intel posted today the problems were first identified by the company’s internal researchers, partners and independently reported by external researchers. MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques.”

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.