Zombieload, the latest Intel Speculative Execution vulnerability, has been patched today

Zombieload, the latest Intel Speculative Execution vulnerability, has been patched today

Zombieload, the latest Intel Speculative Execution vulnerability, has been patched today

The vulnerability, named Rogue In-Flight Data Load, was discovered a year ago but only just made public to give Intel time to develop an acceptable fix.

The so-called Meltdown and Spectre flaws came to be known as side-channel attacks. The vulnerability could let hackers read almost all data flowing through one of Intel's chips, though the company said the attack is hard to carry out and that it has not seen it used outside of labs. The official reference number for Zombieload is CVE-2019-12130 and the latest Intel microcode update puts protections in place to mitigate the issue.

A "zombie load" is a high amount of data that the processor can not properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing.

The exploit, dubbed ZombieLoad, is embedded in Intel's processor chips themselves, meaning even the best-designed software patches can only go part of the way toward plugging the hole without reducing the chips' performance. This should prevent data from being read. The company also says some processors shipped in last month have fixed the vulnerability.

Botezatu said Bitdefender found the flaw because its researchers were increasingly focused on the safety and management of virtual machines, the term for one or more emulated mini-computers that can be spun up inside a larger machine - a key feature of cloud computing.

Those who discovered the attacks include researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of MI, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and Cyberus, BitDefender, Qihoo360 and Oracle, Wired says.

Mozilla has also said that it is working on a long-term fix for its Firefox web browser for macOS, and Firefox Beta and Firefox Nightly versions have the patch already installed. Furthermore, neither Intel nor the researchers have released exploit code which indicates there's no direct and immediate threat. So far, however, the slowdowns have been minor. For starters, there are easier ways to hack into a computer.