After patching the first wave of Specter and Meltdown attacks, many relaxed. Error. The CPU Specter and Meltdown vulnerabilities showed a whole new way to attack systems, and all its experts better safetys knew it was only a matter of time before new methods of attack were found.
Jann Horn, security researcher at Google Project Zero, as seems discovered a new method in a short time space after fixing the first Specter vulnerabilities. Horn found a new way to attack microprocessors.
The security gap affects not only Intel processors. It also affects the chipsets (x86) of AMD, POWER 8, POWER 9, System z and some ARM processors. In short, it could allow unauthorized read access to memory in almost any 21 century processor.
The vulnerability number (CVE) for this security issue is CVE-2018-3639.
Intel calls this bypass Speculative Store (SSB), also known as Spectre Variant 4. Contrary to the mistake made by Yuriy Bulygin, the former head of Intel's advanced threat group, the Intel x86 Management System (SMM), SBB, is a new method of attack.
_____________________________
Another new but less dangerous Specter style security vacuum is that CVE-2018-3640, also known as Rogue System Register Read (RSRE) or Specter Variant 3a. With this vulnerability, local users may be able to obtain unauthorized disclosure of system parameters by analyzing side channels.
External attacks, through a browser and a page with malware, are less likely with the two security gaps according to Intel.
This means (according to Intel):
“Most browser developers have recently developed Managed Runtimes mitigation measures, which greatly increase the difficulty of exploiting side channels. These techniques increase the difficulty of operating an SSB-based side channel from a browser. "
To solve the problem, Intel has released beta updates for beta system microprocessors and device manufacturers, adding support for Speculative Store Bypass Disable (SSBD). The SSBD provides additional protection, preventing the occurrence of the Speculative Store bypass. Intel hopes that most major operating systems will add support for Speculative Store Bypass Disable (SSBD) starting with 21 May 2018.
________________________
- Intel's press release without algae for silk ribbons
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- WordPress 4.9.6 with 37 enhancements and 51 bug fixes
- 5 Linux tools for recovering data from corrupted drives
- Google's DeepMind: dopamine use from neural networks