News for Admins
Tech News
Two New Variants of Spectre Discovered
Security researchers have discovered two new variants of Spectre 1 that can be used to compromise systems running AMD, ARM, and Intel chips.
According to researchers, Spectre 1.1 is a sub-variant of the original Spectre Variant 1 that leverages speculative stores to create speculative buffer overflows. Spectre 1.2 depends on lazy page table entry (PTE) enforcement, the same mechanism on which the Meltdown flaw exploitation relies.
Spectre is not a single vulnerability; it's a class or family of flaws that have their origin in the way modern processors work. To be faster, modern chips speculate what will be executed next, which reduces time and makes the overall operation much faster. "At the program level, this speculation is invisible, but because instructions were speculatively executed they might leave hints that a malicious actor can measure, such as which memory locations have been brought into cache," Intel wrote in a whitepaper.
That's exactly what bad actors exploit. Two security researchers who discovered these new variants wrote in their research paper (https://arxiv.org/pdf/1807.03757.pdf ), "Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently demonstrated Spectre attacks leverage speculative
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- Two New Variants of Spectre Discovered
- Meltdown and Spectre Revisit Intel, AMD and ARM Processors
- Sonic and Ultrasonic Signals Can Crash Your Hard Drive
- New Version of the Spectre Vulnerability Allows Attack from the Network
-
News for Admins
Meltdown and Spectre revisit Intel, AMD, and ARM processors, Orangeworm, a new hacking group, targets the healthcare industry, Docker EE 2.0 announced, Remote code execution vulnerability found in Cisco