News for Admins

Tech News

Two New Variants of Spectre Discovered

Security researchers have discovered two new variants of Spectre 1 that can be used to compromise systems running AMD, ARM, and Intel chips.

According to researchers, Spectre 1.1 is a sub-variant of the original Spectre Variant 1 that leverages speculative stores to create speculative buffer overflows. Spectre 1.2 depends on lazy page table entry (PTE) enforcement, the same mechanism on which the Meltdown flaw exploitation relies.

Spectre is not a single vulnerability; it's a class or family of flaws that have their origin in the way modern processors work. To be faster, modern chips speculate what will be executed next, which reduces time and makes the overall operation much faster. "At the program level, this speculation is invisible, but because instructions were speculatively executed they might leave hints that a malicious actor can measure, such as which memory locations have been brought into cache," Intel wrote in a whitepaper.

That's exactly what bad actors exploit. Two security researchers who discovered these new variants wrote in their research paper (https://arxiv.org/pdf/1807.03757.pdf ), "Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently demonstrated Spectre attacks leverage speculative

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia