What Is ZombieLoad Attack? – Here’s How to Protect Yourself from It

ZombieLoad is one of the newly discovered security flaws termed MDS. Learn about what it is and how to get protected against it.
Logo design Credit Natascha

So, you got yourself a premium VPN.

Your antivirus is up-to-date and you always keep it running.

You never go online without the VPN and the antivirus program both running together.

You make sure that anyone accessing your computer through any external channels passes through a thick, extra solid wall of security.

You have literally plugged out any extra USB or any other ports.

In short, you have taken all the conventional and unorthodox steps to keep your computer secured.

And, yet… Your computer is STILL vulnerable and your data continues to be insecure—all due to a hardware vulnerability called ZombieLoad.

Read on to find out what this vulnerability is, how you or anyone else is affected by it, and what can you do to protect your computer against it.

First off, let’s introduce this vulnerability:


The recent lineup of Intel 86x processors has been found to be weak against a series of sophisticated technical vulnerabilities known as MDS type attacks.

A total of four of them have been discovered until now, where ZombieLoad is the latest in the series.

Being a hardware weakness, it equally affects all the major platforms, including Windows, Linux and macOS.

The data exposed in this attack could be anything from user logins and passwords to browsing history or anything else that the processor might be handling at the time or right before it.

The ZombieLoad attack has been found to be successful against standalone machines as well as cloud machines.

What’s Happening Underneath?

Computer processors are working on a multitude of tasks at the same time. Sometimes, a single program is being processed by parallel processing threads.

Modern computers are not only processing multiple threads but also managing multiple processors working simultaneously on different programs.

So, not only can a program be run by multiple processors or threads, but a single processor may also be running multiple copies of the same program.

The data being used in these programs or their copies is only accessible to these programs alone. Copies of the same program are not even authorized to see each other’s data unless allowed.

This enables smooth operations without any mashup of data.

A ZombieLoad type attack creates a temporary window of time in which the logical walls around the data being used by one program are broken down and another program is able to read it.

How Does It Happen?

It may look like something that shouldn’t even happen since we are talking about an industrial giant producing specialized goods.

However, this flaw is not easily exploited. Some very complex microarchitectural conditions must be met first.

These include:

  • The processor must be handling large amounts of data, or overloaded with data, so much so that it may fail to handle it properly.
  • It has to use the fill buffer after failing to get an L1 hit for memory load.
  • The processor needs to face further complex microarchitectural conditions, such as a fault, which will force it to use microcode assists.
  • And after all that, the fill buffer will be, for a small temporary window, showing stale values before finally being flushed out for new ones.

Unlike other meltdown type vulnerabilities, the difference here in ZombieLoad is that only the information being processed recently or right now can be accessed and that too through the fill buffer register.

So, the vulnerability, or the leak, seems to be limited at first. However, researchers have shown that it can be more devastating when used with other traditional side channel attacks.


ZombieLoad attack demonstration, via Cyberus Technology

Good News

Intel processors leaking any kind of user data without anyone knowing does paint a very grim picture. It puts millions of PCs and other devices at risk.

The good news is that ZombieLoad, which is a recent discovery, hasn’t been confirmed to be exploited by hackers, yet.

It is part of a new class of complex attacks which haven’t yet been discovered or used, in written documentation at least, by hackers or researchers. They are termed as MDSMicroarchitectural Data Sampling attacks.

This also brings us to the bad news. Since MDS is a completely new kind of playground, the probability is that we will keep on hearing more about similar vulnerabilities in the near future.

This is just the beginning.

Am I Affected?

All of this brings us to the basic question — Are you affected or not?

Truth be told, ZombieLoad affects all Intel 86x processors from 2011 until the very recent iterations. So, if you are using an Intel processor then you ARE affected.

People who use AMD processors can take a sigh of relief because luckily, you are immune to these attacks.

Having said that, ZombieLoad has been successfully tested on standalone PCs, virtual machines and cloud systems.

Businessman backup data from laptop and tablet device to cloud service
Having said that, ZombieLoad has been successfully tested on standalone PCs, virtual machines and cloud systems.

So, you may not be directly affected if you use an AMD, you could still be affected indirectly through the cloud.

If you are an Intel user, it puts you in an awkward position. You know for sure that you are at risk, but no one can guarantee that you have not been exploited.

So, don’t panic yet — but also don’t ignore the situation. You aren’t targeted right now, but that doesn’t mean you won’t be in the future.

Thus, it is best to take measures to keep your PC protected against ZombieLoad.

How Do You Get Protected?

People who use PCs, Macs, Chromebooks and Android devices: It is time to unite in this fight against the common threat.

So, forget your differences and get yourself protected.

Intel has already released a software patch to counter the issue. However, for that to be effective it needs to be implemented by all operating systems and software developers.  

Major companies have already rolled out their own patches with Intel’s fix.

Check out the information below to see what you need to do to get your device protected.

Protection from ZombieLoad for Microsoft Windows

The biggest of the bunch to be affected by this vulnerability are Microsoft Windows users.

Any version of Windows is affected if it is running the flawed Intel processor.

Windows 10

For Windows 10 users, Microsoft has already released updates that take care of this flaw.

You can still check it out yourself if you want to be extra sure by:

  • Write windows update in your search bar and then press the Check for updates button to get the update. Then download and run it.
  • OR, you could download the patch from Microsoft’s website yourself.

Windows 7, XP & Older Versions

Although Microsoft has discontinued support for older versions of Windows, looking at the seriousness the threat poses, they have released a security update for them too.

Protection from ZombieLoad on Apple Products

Apple has also released patches for all of their machines that run the Intel processors since 2011.

They haven’t released it for all of their OS versions.

Mac and MacBook

A ZombieLoad patch has been released for macOS Mojave 10.15.5 running on machines from 2011 onwards.

Patches for older machines, Sierra and High Sierra are still awaited.

iPads and iPhones

Users of the iPhone and iPad can rejoice. These devices are not affected by ZombieLoad.

Protection from ZombieLoad on Android

For users running an Android device: Most of you won’t have to do anything at all.

Most of the Android devices don’t run on Intel-based chipsets.

However, for the ones that do, the device manufacturer will be responsible for providing you with an update or a software patch.

Usually, these patches come in the form of software updates that you can find in the Settings app under either About or System information.

Apply these updates or visit your respective manufacturer’s website to check for the latest update regarding the issue.

To keep your Android devices protected, you’ll need to run these patches.

Protection from ZombieLoad on Linux

A new version of the Linux kernel has been released for all the Intel processors since 2011 and everyone is highly encouraged to upgrade to it.

Linux, famous for its different distros, has all of them busy with releasing patches and protection guides against the ZombieLoad vulnerability.

So, Linux users will have to follow their specific distro for updates and a specific patch.

Protection from ZombieLoad on Chromebook

Chromebook owners need not worry since Chrome OS auto-updates itself. Unfortunately though, the latest version Chrome OS 74, which is immune to ZombieLoad, does it by disabling hyperthreading, slowing the machine down.

Later releases may take care of the performance issue. Let’s keep our fingers crossed.

The Downside

Yes, you got yourself protected. You have taken the steps to ensure that ZombieLoad or any of the other MDS vulnerabilities do not affect your device.

Sadly, there is still a downside to all this.

It has been proven that disabling hyperthreading is the only way to really fight this problem. This basically means that whichever platform you use, when you apply the software patch you will most definitely experience a minor to a significant loss in performance.

Intel company logo
Intel has announced it will be redesigning its processors, and the most recent ones with an updated firmware are protected from these vulnerabilities.

The problem lies in the hardware and all these solutions do is provide a workaround.

Intel has announced it will be redesigning its processors, and the most recent ones with an updated firmware are protected from these vulnerabilities.

So if you really want to get protected without any side effects, ignoring that blow on your budget, then break the bank for a new processor.

More from Muhammad Adnan Ikram
9 Best Online Shopping Security Tips
The holiday season is upon us, and it’s time to indulge in...

Leave a Reply

Your email address will not be published. Required fields are marked *