Security researchers have found a new class of vulnerabilities in [Intel] chips which, if exploited, can be used to steal sensitive information directly from the processor.,
techcrunch .com/2019/05/14/zombieload-flaw-intel-processors/
Debian patch?
Whonix patch?
Qubes patch?
x86 is fucked… get used to these news
Advantage to physical isolation?
Well, for starters that requires the Intel microcode update from Debian (already applied if you update daily). Since Whonix is Debian derivative, it is also already available.
https://www.debian.org/security/2019/dsa-4447
Also, the Xen patch for Qubes(-Whonix) is about 2 weeks away for stable from memory - testing repos show everything is all clear after patch is applied (see Qubes users forums over there).
Schneier said when this first happened that you could bank on years of further related attacks, counter-measures and so on. The wiki notes there is no perfect hardware / software security, just layering to better protect yourself. Any truly advanced adversary who wants in, gets in.
Whonix can’t patch this. You can’t apply microcode updates from a virtual machine. Unless you’re using physical isolation.