You have heard of Spectre and Meltdown, and now you can add Zombieload to the list of so-called side-channel Speculative Execution hacks which can steal data from modern processors.
The flaw allows hackers who are running software on your PC to extract recently accessed data from your PC without needing to have full access. This would, for example, allow software running in a virtual machine on a server to see the data from another company running on the same server.
See the proof of concept video, which shows an app being able to read the websites you visit, below:
The exploit could as easily read secure tokens or other passwords.
Discovered by researchers from Graz University of Technology, the flaw has been already been patched earlier by Apple and Google, and the fix was today part of Microsoft’s Patch Tuesday.
It affects most Intel processors released since 2011. AMD and ARM chips are not affected.
Read more about the flaw at the Zombieload website here.