Two New Variants of Spectre Discovered

Intel paid $100,000 to researchers for finding the flaw.

Security researchers have discovered two new sub-variants of Spectre Variant 1 that affect systems running AMD, ARM, and Intel processors.

According to the researchers, Spectre 1.1 is a sub-variant of the original Spectre Variant 1 that uses speculative stores to create speculative buffer overflows: a store that fails its bounds check architecturally, and therefore never commits, can still execute speculatively after the check is mispredicted, and younger speculative loads can read the forwarded value. Much like a classic buffer overflow, such a speculative out-of-bounds store can modify data and code pointers and redirect speculative control flow. Spectre 1.2 relies on lazy PTE (page table entry) enforcement, the same mechanism that the Meltdown flaw exploits: on CPUs that do not enforce read/write protections during speculation, speculative stores can overwrite read-only data and code pointers.

Spectre is not a single vulnerability; it is a class of flaws rooted in the way modern processors work. To run faster, modern chips predict which instructions will be executed next and begin executing them before the outcome of a branch is known. “At the program level, this speculation is invisible, but because instructions were speculatively executed they might leave hints that a malicious actor can measure, such as which memory locations have been brought into cache,” Intel wrote in a white paper.

That’s exactly what bad actors exploit. Two security researchers who discovered these new variants wrote in their research paper, “Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently demonstrated Spectre attacks leverage speculative loads that circumvent access checks to read memory-resident secrets, transmitting them to an attacker using cache timing or other covert communication channels.”
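The gadget the paper describes, written out as an added example (this is not code from the article or from the researchers' paper): the first function is the Spectre 1.1 pattern, a bounds check followed by a store, and the second hardens it with a branch-free index mask in the style of the Linux kernel's array_index_nospec(). The struct layout, buffer size, handler pointer and function names are constructed for illustration. Nothing here reproduces the timing side channel; the point is that the two versions are architecturally identical and differ only in what a mispredicted branch is allowed to do.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed victim layout: a bounded buffer followed by the kind of target a
 * speculative buffer overflow aims at (a code pointer). Names are illustrative. */
struct victim {
    uint8_t buf[16];
    void (*handler)(void);
};

/* Spectre 1.1 gadget: "if (y < lenc) c[y] = z;". Architecturally safe. But if the
 * predictor has been trained to take the branch and lenc is not in cache, the CPU
 * may speculatively execute the store with an attacker-controlled y and z before
 * the compare resolves. The store is eventually squashed, yet while it sits in the
 * store buffer younger speculative loads can read the forwarded value, so a
 * speculatively clobbered code pointer or return address can steer speculative
 * control flow into a disclosure gadget. */
void store_checked(uint8_t *c, size_t lenc, size_t y, uint8_t z)
{
    if (y < lenc)
        c[y] = z;
}

/* Branch-free bounds mask, same idea as the Linux kernel's
 * array_index_mask_nospec(): all ones when index < size, zero otherwise.
 * Assumes size <= SIZE_MAX / 2 so that (size - 1 - index) wraps around only when
 * index >= size. Because the result is computed from data rather than predicted,
 * a mispredicted branch cannot turn an out-of-bounds index into an in-bounds one. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    /* Top bit of (index | (size - 1 - index)) is set exactly when index >= size. */
    size_t oob = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return oob - 1;  /* 0 - 1 wraps to SIZE_MAX (in bounds); 1 - 1 == 0 (out of bounds) */
}

/* Clamp an index so that on the mispredicted path it becomes 0 instead of
 * escaping the buffer (equivalent to the kernel's array_index_nospec()). */
size_t index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* Hardened gadget: the architectural branch stays, but the index used by the
 * store is masked, so even a speculatively executed store lands inside c. */
void store_nospec(uint8_t *c, size_t lenc, size_t y, uint8_t z)
{
    if (y < lenc) {
        y = index_nospec(y, lenc);
        c[y] = z;
    }
}

static void benign_handler(void) { puts("benign handler"); }

/* Drive both versions with in-bounds and out-of-bounds indices and report whether
 * the handler pointer survived. Returns 1 when the architectural behaviour of both
 * functions is identical and the pointer is intact; the speculative difference is
 * not observable from C, which is exactly why the gadget is dangerous. */
int run_demo(void)
{
    struct victim v;
    memset(v.buf, 0, sizeof v.buf);
    v.handler = benign_handler;

    /* Attacker-chosen index: the byte offset of handler, one past the end of buf. */
    size_t evil = offsetof(struct victim, handler);

    store_checked(v.buf, sizeof v.buf, 3, 0x41);
    store_checked(v.buf, sizeof v.buf, evil, 0x42);   /* no architectural write */
    store_nospec(v.buf, sizeof v.buf, 5, 0x43);
    store_nospec(v.buf, sizeof v.buf, evil, 0x44);    /* no write, speculative or not */

    return v.buf[3] == 0x41 && v.buf[5] == 0x43 && v.handler == benign_handler;
}

int main(void)
{
    printf("architectural result intact: %s\n", run_demo() ? "yes" : "no");
    printf("index_nospec(24, 16) -> %zu (attacker index pinned to 0)\n", index_nospec(24, 16));
    return 0;
}
```

Build with any C99 compiler (for example `cc -O2 -o spectre11 spectre11.c`). The mask works because it is pure arithmetic on the index and length: there is no prediction to mistrain, and the mispredicted path writes c[0] rather than c[16]. The kernel wraps its version in an optimisation barrier so the compiler cannot fold the mask back into the branch it was meant to protect; a production port should do the same.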

Unlike the original Spectre and Meltdown disclosure, which Intel kept under wraps, this time the chip maker publicly rewarded the researchers with $100,000 for the discovery. The company is reportedly working toward a regular, Patch Tuesday-style update cycle to allow better testing and deployment of patches. Earlier patches for Meltdown and Spectre caused instability on some systems, prompting vendors such as Red Hat to roll back the microcode updates they had shipped.

07/17/2018