Intel on Monday announced the third in a series of patches meant to address processor vulnerabilities. The latest is closely related to issues addressed in November known as ZombieLoad 2, or TSX Asynchronous Abort. A fix will be available in the near future, an advisory notice said.
Intel said in November that ZombieLoad could enable attackers to steal sensitive data and would affect not only chips produced since 2011, but it’s latest high-end processors.
“At the time, we confirmed the possibility that some amount of data could still potentially be inferred through a side-channel and would be addressed in future microcode updates,” Intel said.
While ZombieLoad attacks have raised major concerns over this particular class of vulnerabilities, in that they enable attackers to steal sensitive data directly from the processor—meaning an attacker could easily obtain passwords, encryption keys, and more—Intel has downplayed Monday’s disclosure (CVE-2020-0548) as low risk.
“This issue is rated ‘low’ as the user would first need to be authenticated on the target system, the high complexity of an attack, and low confidence in the attacker’s ability to target and retrieve relevant data,” Intel said.
“[W]e expect to release mitigations through our normal Intel Platform Update (IPU) process in the near future,” it added.