https://zombieloadattack.com/ https://zombieloadattack.com/zombieload.pdf https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html https://github.com/IAIK/ZombieLoad https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130 https://www.youtube.com/watch?v=wQvgyChrk_g
FreeBSD people... See linux patches in and update your microcode, ports, etc. ZombieLoad Attack Watch out! Your processor resurrects your private browsing-history and other sensitive data. After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud. We verified the ZombieLoad attack on Intel processor generations released from 2011 onwards. ZombieLoad in Action In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the privacy-protecting Tor browser in a virtual machine. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
