Zombieload - New Intel CPUs Flaws like Meltdown and Spectre
Zombieload, another Intel processor side-channel attack. Update your OS soon
The Vulnerabilities allow attackers to gather sample data while switching between processes, then interpret the contents and read data from another process that is executing on the same CPU core.
All the four bugs which are-
- Microarchitectural Store Buffer Data
- Microarchitectural Load Port Data Samping (MLPDS) - CVE-2018-12127
- Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVE-2019-11091
Worst thing is that, the attack does not only work on personal computers but can also be exploited in the cloud.
Update it! Patch already Released
Now there is good things is that Intel has already released a patch for these bugs as a Microcode Updates (MCU). All the users using various operating system like Windows, Linux, Mac and BSD are recommended to update their system as soon as they're available for their systems.
Patch Status for Operating System
Intel had more than a year to get this patched, and the company worked with various OS and software vendors to coordinate patches at both the hardware and software level. Both the hardware (Intel CPU microcode updates) and software (OS security updates) protections must be installed at the same time to fully mitigate MDS attacks.
Microsoft have also pushed the update for Windows and Windows Server, but also SQL Serverdatabases.
Apple have also pushed the patch for MDS attacks with the MacOS Mojave 10.14. 5.
Google also made the updates for its several products, which can be found on this help page.