After ZombieLoad Security Flaw Found in Intel Chips, Tech Companies Step Up to Add Patches

News Intel Zombieload Featured

Just as quickly as a security flaw was found and noted in Intel clips, major tech companies stepped up to the plate to fix it. Companies such as Apple, Microsoft, and Google have implemented software patches to mitigate the risk of the ZomebieLoad security flaw. Read on to find out if your system is now protected or if there is something you need to do to rectify the problem.

Protect Your Data from ZombieLand

The ZombieLoad security flaw affected nearly every Intel chip in computers that were released from 2011 and beyond. The technical name for the flaw is microarchitectural data sampling (MDS). It’s similar to the Meltdown and Spectre flaws that were announced last year.

The security flaw is vulnerable to four new attacks that can leak sensitive data, such as passwords, secret keys, account tokens, and private messages. Luckily, many tech companies have released patches to address the flaw.

Every Mac and MacBook released during and after 2011 was affected, but Apple patched all systems running macOS Mojave 10.14.5 and beyond. It will prevent an attack through Safari, as well as other apps. Additionally, users who are worried can enable additional CPU instruction, but this could lead to a 40 percent reduction in performance. The security update will also be pushed to Sierra and High Sierra versions of macOS. Mobile devices are not affected.

Google reports that the “vast majority” of Android devices aren’t affected but Intel-only devices will need to be patched once that is available. Devices running the latest version of Chrome OS are already protected. Google’s data centers have been patched to take care of cloud customers, and those using Chrome should rely on patches for their system.

News Intel Zombieload Risk

Mozilla also has a long-term fix on the way for the Firefox browser. They applied the mitigation that was recommended by Apple on macOS, and it will be part of an upcoming Firefox release. Firefox Beta and Firefox Nightly already include the change, and no action is recommended for Firefox users on Windows and Linux.

Microsoft has released patches for both its operating system and cloud. Senior director Jeff Jones said they are “working to deploy mitigations to cloud services and release security updates.” Users may need to obtain a microcode update for their processor from the device manufacturer, while the company is pushing updates through Windows Update. Microsoft Azure customers are already protected.

Amazon Web Services has been updated to prevent attacks. They posted an advisory that said, “All EC2 host infrastructure has been updated with these new protections, and no customer action is required.”

Are You Protected

While it’s reassuring that the tech companies have jumped up to take care of the security flaw, the fact that such a wide flaw as ZombieLoad even exists is frightening enough as it is, leaving questions of whether there could be other potential widespread problems.

Chances are you were hit in some way by the Intel Zombieload security flaw. Has your system already been patched, or do you have to take action on your part to solve the problem? Let us know in the comments below.

One comment

  1. “leaving questions of whether there could be other potential widespread problems.”
    I’m sure there are undiscovered problems. The knee-jerk reaction is “Why wasn’t this caught during the QC testing?!” I doubt very much if Intel testers were sloppy in their QC testing.Even using Bayesian method, QC testing will not find all possible problems. Many flaws show up only when a specific, highly improbable, combination of events occurs. Weren’t some recent security flaws found after more than 20 years of using a particular software?

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.