Intel patches Zombieload for the third time

Posted on Wednesday, January 29 2020 @ 14:47 CET by Thomas De Maesschalck
INTC
Intel rolled out a third wave of fixes for Zombieload, a vulnerability in its processors that was first discovered in June 2018. Wired writes this highlights once again that the underlying problems of these vulnerabilities are hard to fix once and for all.
On Monday, Intel announced that it will issue yet another update to its processors designed to solve a problem it calls "microarchitectural data sampling," or MDS. Different teams of researchers who independently discovered the issue call it RIDL or Zombieload, and warned Intel about the problem as early as June of 2018. The new update, which Intel says will be made available "in the coming weeks," is intended to fix two methods to exploit Intel chips via MDS, which have remained possible even after Intel released MDS patches in May of 2019 and then again last November. Some of the researchers first warned Intel about the more serious of the two flaws that it's trying to fix now in a paper shared with Intel fully a year ago. Other researchers even shared proof-of-concept code with the company last May.
The site spoke to security researchers from universities and heard they aren't impressed by the way Intel is handling these things. Herbert Bos from Vrije University in Amsterdam claims researchers are barely even trying very hard to find bugs in Intel CPUs and that the chip giant is putting in little effort:
"Security engineering at Intel (or rather lack thereof) is still business as usual," writes Cristiano Giuffrida, one of the researchers at Vrije Universiteit in Amsterdam who first discovered the MDS attacks, in an email to WIRED. "These issues aren't trivial to fix. But after eighteen months, they're still waiting for researchers to put together proofs-of-concept of every small variation of the attack for them? It’s amazing. We don’t know the inner workings of Intel's team. But it’s not a good look from the outside."


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments