A newly discovered security flaw in Intel processors allows hackers to steal any data that’s been recently accessed by the processor. On cloud servers, it is speculated that this could allow an attacker to steal information from other virtual machines running on the same cluster.
The attack utilizes CPU side channel issues known as Microarchitectural Data Sampling (MDS), described in CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
It is not known whether the speculative attack, dubbed "ZombieLoad", has ever been used by malicious hackers. The flaw was discovered and disclosed to Intel by researchers from Graz University of Technology, and Intel has issued patches for the vulnerability approximately 18 hours ago.
We're happy to announce that already the patches have been deployed on all of Cryptee's Cloud Infrastructure, and the speculative execution vulnerabilities have been mitigated.
We strongly recommend our users to follow updates from Apple, Google and Microsoft to patch their own personal computers using the following links :
https://support.apple.com/en-us/HT210107
https://support.google.com/faqs/answer/9330250
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates