Yet another vulnerability has been discovered in Intel processors dating back to 2011. The vulnerability, named ZombieLoad, is as serious as Spectre and Meltdown and affects all desktop and laptop devices using Intel processors, in addition to cloud servers and associated virtual machines. This presents an obvious threat to customers of cloud-based computing services where isolation from other customers’ virtual machines is critical.
The vulnerability is part of a new class of CPU attacks, brought to light by Spectre and Meltdown, known as transient execution attacks. Such attacks exploit a feature of modern processors known as speculative execution, which allows the processor to predict the outcome of a condition (for example a branch) and begin executing the instructions along the most likely path before the condition is actually resolved. If the prediction is correct, performance is noticeably improved. If the prediction is incorrect, the speculatively executed work is discarded, but its side-effects on the processor's internal state can still be observed and used to retrieve sensitive data from the CPU's buffers. Attacks which take advantage of such side-effects are known as transient execution attacks.
Normally, applications are prevented from reading data belonging to other processes running on the CPU. Transient execution attacks show that it is theoretically possible for applications to leak data across processes, privilege boundaries, Hyperthreads and between virtual machines. What this means for the user is that a malicious application could take advantage of this vulnerability and use it to read sensitive data from another application or process. Such data includes passwords, encryption keys, browser history and website content. The researchers who discovered the vulnerability have released a video demonstrating exploitation of this vulnerability to expose browser history in real time.
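For administrators who want to know whether a given Linux host is exposed, the kernel reports its ZombieLoad (Microarchitectural Data Sampling, "mds") mitigation state in sysfs. The following is an added example, not code from the article or the researchers: it parses that status string into a small verdict, flagging the case where a mitigation is applied but Hyperthreading (SMT) remains enabled, since the attack crosses Hyperthreads. The sample status strings are constructed for the dry run; the sysfs path and the phrasing of the kernel's status values are as documented in the Linux kernel.

```python
"""Classify a Linux host's ZombieLoad (MDS) exposure from sysfs (added example)."""
from pathlib import Path
from typing import Dict, List, Optional

# Linux publishes per-vulnerability mitigation status here; ZombieLoad is the "mds" entry.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def classify_mds(status: str) -> Dict[str, object]:
    """Turn one 'mds' status line into a verdict dict.

    Values the kernel writes take the forms:
      'Not affected'
      'Vulnerable'
      'Vulnerable: Clear CPU buffers attempted, no microcode'
      'Mitigation: Clear CPU buffers; SMT vulnerable'
      'Mitigation: Clear CPU buffers; SMT disabled'
    """
    s = status.strip()
    verdict = {"raw": s, "affected": True, "mitigated": False, "smt_risk": False}
    if s.startswith("Not affected"):
        verdict["affected"] = False
    elif s.startswith("Mitigation"):
        verdict["mitigated"] = True
        # Buffer clearing protects context switches, but a sibling Hyperthread on the
        # same core can still sample shared buffers while SMT stays enabled.
        verdict["smt_risk"] = "SMT vulnerable" in s
    else:
        # Any other value ("Vulnerable", "Vulnerable: ... no microcode") is unmitigated.
        verdict["smt_risk"] = True
    return verdict


def host_mds_status(sysfs_dir: Path = SYSFS_DIR) -> Optional[Dict[str, object]]:
    """Read the live 'mds' entry; None when this kernel does not expose it."""
    entry = sysfs_dir / "mds"
    if not entry.is_file():
        return None
    return classify_mds(entry.read_text())


# Constructed sample statuses (not captured from a real host) for an offline dry run.
SAMPLES: List[str] = [
    "Not affected",
    "Vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]


def needs_action(statuses: List[str]) -> List[str]:
    """Return the raw statuses that still leave the host exposed."""
    return [v["raw"] for v in map(classify_mds, statuses) if v["affected"] and v["smt_risk"]]


if __name__ == "__main__":
    print(needs_action(SAMPLES))
    print(host_mds_status())
```

On a fully mitigated host the live check should report "Mitigation: Clear CPU buffers; SMT disabled" (or "Not affected" on unaffected parts); anything else warrants a microcode or SMT review.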