Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Intel announces a third patch for ZombieLoad vulnerability

Intel has released yet another patch to fix the scary ZombieLoad vulnerability, the company announced yesterday.

This third patch promises to address a processor issue revealed last May with the codename ZombieLoad, or TSX Asynchronous Abort (TAA).

Though ZombieLoad was officially disclosed last year, Intel may have been made aware of the issue by independent researchers as early as June 2018, according to Wired.

The flaw – which Intel refers to as “microarchitectural data sampling” – essentially leaves sensitive user data open for hackers to grab.

Though this isn’t Intel’s first (or second) ZombieLoad patch, this latest fix aims to block two methods an attacker could use to access personal data: Vector Register Sampling and L1D Eviction Sampling.

The former is rated as a ‘low’ risk issue, while the latter is ranked ‘medium’.

Related: Best laptop

“CVE-2020-0548 is an information disclosure vulnerability with a CVSS score of 2.8, low, referred to as Vector Register Sampling. This issue is rated “low” as the user would first need to be authenticated on the target system, the high complexity of an attack, and low confidence in the attacker’s ability to target and retrieve relevant data”, explains Intel in a security blog post.

“CVE-2020-0549 is also an information disclosure vulnerability requiring authenticated local access. The CVSS score is 6.5, medium. Referred to as L1D Eviction Sampling, the severity score is higher on this one because the attack complexity is lower and the ability to target specific data higher. This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations”.

Related: Best VPN

ZombieLoad affects chips built in 2011 all the way up to Intel’s latest high-end processors, leaving almost a decade customers anxious to install a fix.

The patch will be available to download through the Intel Platform Update (IPU) in the near future, says Intel.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.