A few months ago, one was discovered new critical vulnerability affecting the modern processors by Intel and is called ZombieLoad. This vulnerability allows attackers to access certain sensitive segments information. Virtually every special function of the Intel chip is used, which allows the processor to predict future commands.
Developers have introduced this feature to improve performance. In this way, the processor can read some data in advance. The processor is then able to provides future requests for various functions and perform these functions before the request is even made. The processor saves the results of these functions in the cache. Normally, applications they do not communicate with the cache and cannot read the data that is there. ZombieLoad vulnerability, however, creates a bypass and allows arbitrary programs to read data from the cache.
ZombieLoad vulnerability can cause many problems
ZombieLoad vulnerability allows it carry out various attacks related to software. It was first discovered in May and according to them researchers, allows a malicious program to obtain access in sensitive data (e.g. browser history, secret keys, passwords), which are processed by other current programs. Even the applications running on cloud they are not safe, because attackers can install and run a malicious program that works under these conditions.
ZombieLoad vulnerability affects almost all Intel chips, released by 2011 onwards. This means all MacBooks, as well as many computers Windows, Linux servers and Chromebooks are at risk. The latest processors do not have this problem but there are many users who are using previous ones and need to protect their devices either replacing hardware or installing patches. Whatever the case, the risk is high.
Software applications contain data that must be kept secret, otherwise it can cause great damage to users. Such data are passwords, encryption keys, signatures, licenses, and algorithms. If this information comes into one's hands hacker can be used for realization attacks. ZombieLoad vulnerability allows access to such information, since it allows the memory to be read.
The solution to this security issue is a well-designed application, to use additional defense measures to complement the system itself or external security mechanisms, such as anti-virus software. Applications should incorporate appropriate security features, including technical code obfuscation, white-box cryptography and anti-piracy and anti-debugging mechanisms.
If the above means are used, sensitive information will not be read even by exploiting the ZombieLoad vulnerability.
The applications themselves must be fortresses
ZombieLoad vulnerability is one of the many critical vulnerabilities that have hit technology products. Such vulnerabilities will arise in the future so it is important to develop them technologies που will turn applications into stand-alone forts capable of standing on their own.
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.