After the first wave of the Spectre and Meltdown attacks was repaired, many were relaxing. Error. CPU Spectre and Meltdown security blanks showed a completely new way of attacking systems, and all security experts knew it was a matter of time to find new methods of attack.
Jann Horn, security researcher at Google Project Zero, such as seems discovered a new method in a short time after the repair of the first Spectra fragility. Horn found a new way of attacking microprocessors.
The security gap doesn't just affect Intel processors. It also affects AMD (x86) chipsets, POWER 8, POWER 9, System z and some ARM processors. In short, it could allow unauthorized access read memory to almost any 21st century processor.
The vulnerability number (CVE) for this security issue is CVE-2018-3639.
Intel calls this bypass Speculative Store (SSB), also known as Spectre Variant 4. Contrary to the mistake made by Yuriy Bulygin, the former head of Intel's advanced threat group, the Intel x86 Management System (SMM), SBB, is a new method of attack.
_____________________________
Another new but less dangerous Specter style security vacuum is that CVE-2018-3640, also known as Rogue System Register Read (RSRE) or Specter Variant 3a. With this vulnerability, local users may be able to obtain unauthorized disclosure of system parameters by analyzing side channels.
External attacks, through a browser and a σελίδας με malware, είναι λιγότερο πιθανές και με τα δύο κενά ασφαλείας σύμφωνα με την Intel.
This means (according to Intel):
“most browser developers have recently developed mitigations for Managed Runtimes, which significantly increase the difficulty of exploiting side channels. These techniques increase the difficulty of exploiting an SSB-based side channel from one Browser . "
To solve the problem, Intel has released beta updates for beta system microprocessors and device manufacturers, adding support for Speculative Store Bypass Disable (SSBD). The SSBD provides additional protection, preventing the occurrence of the Speculative Store bypass. Intel hopes that most major operating systems will add support for Speculative Store Bypass Disable (SSBD) starting with 21 May 2018.
________________________
- Intel's press release without algae for silk ribbons
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- WordPress 4.9.6 with 37 enhancements and 51 bug fixes
- 5 Linux tools for recovering data from corrupted drives
- Google's DeepMind: dopamine use from neural networks