Last year saw the release of the Spectre and Meltdown vulnerabilities, but researchers warned that this pair of flaws was just the start of something bigger. ZombieLoad is the newest vulnerability to leverage a similar type of attack.
While there isn’t a lot to say about ZombieLoad that hasn’t already been said, here’s what you need to know. First off, it affects nearly every Intel processor made since 2011. Secondly, since it directly affects the processor, it’s OS agnostic—this flaw is present on Windows, Mac, Chrome OS, Linux, and pretty much any other operating system that runs on an Intel chip.
The good news? Most of the major players have already patched the vulnerability (or will do so very soon)—Apple has a fix for every Mac and MacBook released since 2011, Mozilla is making sure Firefox is safe, Microsoft is rolling a fix out to Windows, and Amazon is deploying a patch for AWS. Google said that most Android devices aren’t vulnerable—you know, since most don’t use Intel chips—but a patch has been developed and will need to be distributed by manufacturers. Affected Chrome OS devices are good to go as of Chrome OS 74, though it may cause a bit of a performance hit until the permanent solution becomes available in Chrome OS 75 as the temporary fix disabled hyperthreading.
Without getting overly-technical, ZombieLoad does its thing by leveraging something called, get this, a zombie load. A zombie load contains clusters of data that the processor can’t, erm, process, so it has to request assistance from microcode to avoid crashing. The ZombieLoad vulnerability allows attackers to leverage this process to access any data currently loaded in the processor’s core in real-time. Since the processor sees all, you can imagine why this is such an issue—usernames, passwords, sensitive account info, and the like are all potentially at risk here.
On the upside, researchers only recently found this vulnerability, and there’s no proof that it has been leveraged out in the world yet. Now that the word is out, however, it’s sure to pique the interest of every wrong-doer with the know-how, so it’s critical that you make sure to patch your devices. Install those updates, folks! [TechCrunch, The Verge, Wired]
In Other News
Disney buys Comcast’s stake in Hulu, OnePlus officially announces the 7 Pro, Google is getting more ads, Facebook brings back “view as public,” and more.
- Disney now has full control of Hulu: Disney is poised to buy Comcast’s stake in Hulu and will take full control of the streaming service effective immediately. Nothing will change in terms of content as of now, as Comcast agreed to extend the licensing of NBCUniversal content until “late 2024.” After that, however, we’ll have to see. [Ars Technica]
- The OnePlus 7 Pro is official: It features a notchless 6.67-inch 90 Hz QHD+ display with a 93 percent screen-to-body ratio and pop-up selfie camera, Qualcomm Snapdragon 855 CPU, up to 12GB of RAM, and other beastly specs. All for a starting price of $669. It’s a monster. [OnePlus]
- New Google ads are coming: Google announced all sorts of new ads yesterday, mostly for mobile. Google Search is getting more intrusive ads, as is the Discover feed. Yay? [The Verge]
- Facebook is bringing back “view as public”: Remember the Facebook feature of old that allowed you to see your profile the way others saw it? Well, it’s coming back—hopefully, it’s more secure this time. [Engadget]
- AT&T will pull content from Netflix for its own thing: You ever sit back and think “man, if only there were 17 more streaming services with all different content!” Well, boy, do we have good news for you! AT&T is gearing up to launch a streaming service, and when it does, you can say goodbye to things like Friends and The Office on Netflix. Great. [Android Police]
- Google to pay some Pixel owners in a class-action lawsuit: The suit states that the company knew the original Pixel had a faulty mic, yet they sold it anyway. Now Google will have to pay up to $500 to some users. All Pixel and Pixel XL devices made before January 4th, 2017 are covered. [The Verge]
- A new Mortal Kombat movie is coming: Look, maybe you don’t care about this, but I’m already hyped. I need more live action Baraka. [Engadget]
Google is combining and renaming a bunch of services in its latest shift. First off, Google Trips, Flights, hotel search, and similar services you probably didn’t know Google offered are going to be a singular service called Trips. You can check it out now. Secondly, as previously rumored, Google Express is becoming Google Shopping, and it’s getting integration with Google Images, Discover, and YouTube. This will make it even easier to buy things using Google Shopping. They’re coming for you, Amazon. [The Verge, Android Police]