Zombieload V2 is here. First discovered in May of this year, it was described as a successor to the infamous Meltdown attack. That was a data-leaking side-channel vulnerability that impacted all Intel processor generations from 2011 and beyond.
Intel hasn't had a good run of late, being beset almost constantly by these kinds of issues, and Zombieload was one of three new MDS variants discovered.
The company struggled to deal with the issue and finally resolved it, much to the relief of a beleaguered user base. Now, a new threat has emerged in the form of Zombieload V2. It was discovered by the same group of security researchers who discovered the initial Zombieload flaw, and the issue is being tracked as CVE-2019-11135.
The following chipsets are vulnerable to this type of attack:
- Ivy Bridge
- Kaby Lake
- Kaby Lake-R
- Coffee Lake-S
- Coffee Lake-R
- Sandy Bridge-EP
- And Cascade Lake
Intel has dubbed this issue as a "Transactional Synchronization Extensions Asynchronous Abort" vulnerability, or TSX TAA, for short. In order to exploit the flaw, the hacker has to be onsite with the machine and have the ability to monitor the execution time of TSX regions. That is, in order to infer memory state by comparing abort execution times.
The flaw impacts desktops, laptops, and cloud computers running the affected chipsets. The limitations surrounding the issue make it relatively difficult (but certainly not impossible) to pull off, which is perhaps the only silver lining in the discovery.
The other bit of good news is this: Intel has already released microcode patches to address the issue. So if you have a machine that's running one of the at-risk chipsets, you can get the fix right now. Although it's unlikely it could be used against you, patching the vulnerability is highly recommended.
If you have any questions about Zombieload V2 or general inquiries about ransomware in general, please reach out to our team.