This technical deep dive expands on the information in the Microarchitectural Data Sampling (MDS) guidance.
Be sure to review the disclosure overview for software developers first and apply any microcode updates from your OS vendor.
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
Intel MDS Vulnerabilities: What You Need to Know
New security flaws have been found in Intel chips—this is what you need to do right now – MIT Technology Review
“Academics have discovered four such MDS attacks, targeting store buffers (CVE-2018-12126 aka Fallout), load buffers (CVE-2018-12127), line fill buffers (CVE-2018-12130, aka the Zombieload attack, or RIDL), and uncacheable memory (CVE-2019-11091) — with Zombieload being the most dangerous of all because it can retrieve more information than the others,” ZDNet reported.
New secret-spilling flaw affects almost every Intel chip since 2011
Like Meltdown and Spectre, it’s not just PCs and laptops affected by ZombieLoad — the cloud is also vulnerable. ZombieLoad can be triggered in virtual machines, which are meant to be isolated from other virtual systems and their host device.