After Intel on Tuesday revealed a new class of speculative execution vulnerabilities, which impact all its modern CPUs, the researcher who was part of the team that discovered one of these flaws is sounding off on the disclosure process behind it.
The speculative execution flaw, ZombieLoad, is an attack related to CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That's because this attack leaks the most data – attackers are able to siphon data from system applications, operating system and virtual machines.
ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including Meltdown). Gruss talks about how the team first discovered the attack.