New Spectre-esque security flaw found

null

A new vulnerability has been found in Intel's processors reminiscent of the Spectre and Meltdown flaws which had everyone up in arms last year.

For those of you in need of a memory refresh – Spectre and Meltdown were two flaws which allowed hackers to pull out sensitive data directly from the computer's processor, including passwords.

Given the scope of those flaws (pretty much all compuational devices out there), manufacturers rushed to get a fix out, many of which caused even greater problems.

The new vulnerability, called ZombieLoad, works on the same principle as the ones we've seen last year. It's a side-channel attack made up of four individual flaws in the Intel chip itself. When the processor receives more data than it can handle, it employees the microcode to make sure it doesn't crash. This can be described as data leakage, which malicious actors can exploit.

All processors, from 2011 until today, are vulnerable. AMD and ARM chips are safe, though.

As sinister as all this may sound, it's still not that easy to mount an attack using these vulnerabilities. In fact, hackers would still need you to download a virus in order to be able to use the vulnerability.

According to Daniel Gruss, one of the researchers who discovered the latest round of chip flaws, the flaw is easier than Spectre, but harder than Meltdown.

Image Credit: Maksim Kabakou / Shutterstock