ZombieLoad Attack

Return of the Leaking Dead

Watch out! Your processor resurrects your private browsing history and other sensitive data.

After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.

While programs normally only see their own data, a malicious program can exploit internal CPU buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

Update: L1D Eviction Sampling Leakage (CVE-2020-0549)

On January 27th, 2020, an embargo ended, revealing that the mitigations against MDS attacks released in May 2019 are insufficient. With L1D Eviction Sampling, an attacker can still mount ZombieLoad to leak data that is being evicted from the L1D cache. We disclosed this issue to Intel on May 16th, 2019. However, as microcode updates containing the necessary fixes are not yet available, we are not releasing any proof-of-concept code. We have already described our findings in the final version of our paper. If you want to learn more about this issue, we refer you to Intel's Security Advisory.

The attack works not only on personal computers but can also be exploited in the cloud. Please make sure to get the latest updates for your operating system!