Zombieload v2, another new vulnerability that affects intel cascade lake
Table of contents:
All Haswell- based Intel CPUs up to the latest Cascade Lake CPUs have been found to be vulnerable to a new variant of Zombieload attacks, now known as Zombieload V2, as detailed in this whitepaper.
Zombieload V2 affects from the Haswell CPUS to the recent Cascade Lake
Zombieload V2 marks the fifth entry in the Microarchitectural Data Sampling (MDS) list of vulnerabilities, based on four previously discovered and patched vulnerabilities for the first half of 2019. Intel's HEDT and enterprise microarchitecture, Cascade Lake, was initially believed to be immune to Zombieload-type security attacks, although this has proven to be untrue, as Zombieload V2 may very well compromise a Cascade Lake system, not to mention microarchitectures prior to Cascade Lake dating back to 2013 for Zombieload V2 and 2011 for the original Zombieload vulnerability.
Due to the nature of Intel's microarchitectures, patches cannot be deployed at the hardware level. Intel's workaround is to release a microcode update in the form of a firmware patch that will be available through motherboard manufacturers as the BIOS updates. Patches may also be available through an operating system patch.
Visit our guide on the best processors on the market
How does Zombieload V2 work?
Zombieload V2 is enabled by the Asynchronous Abort operation of Intel CPUs as part of Transactional Synchronization Extensions (TSX) when malware executes read operations on the CPU. When this occurs, other data that is currently being executed or stored in the CPU may become readable to external entities. Due to the inclusion of TSX in its processors, Zombieload is possible. As for AMD CPUs, AMD has not included TSX, and therefore AMD CPUs are immune to Zombieload.
Linux has a new vulnerability that affects android
A new vulnerability has been discovered in Linux that also affects Android and allows hackers to gain access to devices.
A knob vulnerability affects almost all bluetooth devices
Some researchers have discovered a flaw called the KNOB vulnerability that affects most Bluetooth enabled devices.
Jcc erratum, new vulnerability of cpus intel affects performance
JCC Erratum, Intel has revealed 77 vulnerabilities ranging from processors to graphics and even ethernet controllers.