Four new CVEs that combine to create a vulnerability called ZombieLoad affecting Intel processors were made public today, which if left unpatched could leave a computer open to a side-channel attack allowing someone to bypass protections to read memory.
The flaws, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, impacted a number of companies with Apple, Google, Microsoft and Amazon Web Services issuing updates. ZombieLoad, more formally known as microarchitectural data sampling, can leak a variety of information.
Intel posted today the problems were first identified by the company’s internal researchers, partners and independently reported by external researchers. MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques.”
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.