If you’re reading this from a PC, or at least own one, odds are you’re affected by this problem and it’s best that you update yours immediately.
Big tech companies like Apple, Google, Amazon, Microsoft, and Mozilla have all made patches available to address a security flaw that is currently present in Intel chips dating back to 2011. Apparently, the flaw named ZombieLoad can leak sensitive personal information that’s supposedly stored safely in your computers like passwords, secret keys, and account tokens and private messages.
However, security researchers have said that the threat is something the general public shouldn’t worry about. At least not yet.
According to reports, research on the specific function that hackers can exploit to retrieve data from your PCs is relatively new. Basically, there’s hardly any information about it; that serious threat can easily be mitigated right now with security patches and the like.
Moreover, in order to access your PC, hackers need to have a specific set of skills, knowledge, and effort if they want to push through with trying to get into your computer through ZombieLoad.
In general, there still are easier ways to snoop around your computer other than the latest security flaw that’s posing as a threat. At the time of writing, there weren’t any known reports of any breaches in user security. But nonetheless, it’s still wise to get the latest security patch that manufacturers have started to roll out.
Apple included fixes for ZombieLoad in their latest macOS Mojave 10.14.15 and Security Update 2019-003 for Sierra and High Sierra and the rest of the MacBooks made available after 2011. Though, users should not notice a significant decrease in performance.
However, only a limited number of Macs made from 2009 to 2010 can install the security updates since some of which cannot support the fixes due to a lack of microcode tech from Intel.
For users who believe that they are at high risk from the security vulnerabilities presented, Apple has published that they can opt to disable their hyper-threading processing technology to fully mitigate ZombieLoad bugs. However, they also included that users who opt to install the full version of the security update should expect a decrease in performance up to 40%. They state that “actual results will vary based on the model, configuration, usage, and other factors.”
Instructions in installation and more information here.
Google has also started rolling out their version of security patches on the ZombieLoad threat but still can’t cater to all devices under its platform.
Primarily, not all Google devices use Intel technology. So those are relatively safe against the problem at hand. Secondly, Google says that “the issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances, users and customers may need to take additional steps to ensure they’re using a protected version of a product.” Meaning, some further security updates that users can opt for would be required manually.
Meanwhile “for systems running Android on Intel-based Chrome OS devices, updates are handled by Chrome OS,” and “Intel-based systems that are not Chrome OS devices, users should contact their device manufacturer for available updates.”
For Windows updates under Microsoft, the tech giant says that they are pushing updates on their own through updates. These are for both operating software and cloud. But nonetheless, they are available on their website.
For devices using Microsoft apps, they should download updates from their device manufacturers.
Moreover, Microsoft released this alongside their post:
Customers should take the following actions to help protect against the vulnerabilities:1. Apply all available Windows operating system updates, including the monthly Windows security updates.
2. Apply the applicable firmware (microcode) update that is provided by the device manufacturer.
3. Evaluate the risk to your environment based on the information that is provided on Microsoft Security Advisories: ADV180002, ADV180012, ADV190013 and information provided in this Knowledge Base article.
4. Take action as required by using the advisories and registry key information that are provided in this Knowledge Base article.
Manufacturers listed above are some of the biggest tech companies who have rolled out their mitigation and security updates. It can be expected that all Intel-based devices would have rolled out as soon as possible.