Spectre New attacks, security fixes come up

After the first wave of the Spectre and Meltdown attacks was repaired, many were relaxing. Error. CPU Spectre and Meltdown security blanks showed a completely new way of attacking systems, and all security experts knew it was a matter of time to find new methods of attack.

Jann Horn, security researcher at Google Project Zero, like seems discovered a new method in a short time after the repair of the first Spectra fragility. Horn found a new way of attacking microprocessors. Spectre

The security gap affects not only Intel processors. It also affects the chipsets (x86) of AMD, POWER 8, POWER 9, System z and some ARM processors. In short, it could allow unauthorized read access to memory in almost any 21 century processor.

The vulnerability number (CVE) for this security issue is CVE-2018-3639.

Intel calls this Speculative Store (SSB), also known as Specter Variant 4. Contrary to the error discovered by Yuriy Bulygin, the former head of Intel's advanced threat group, the xBNUMX system management systems of Intel (SMM), SBB is a new method of attack.


Another new but less dangerous Specter style security vacuum is that CVE-2018-3640, also known as Rogue System Register Read (RSRE) or Specter Variant 3a. With this vulnerability, local users may be able to obtain unauthorized disclosure of system parameters by analyzing side channels.

External attacks, through a browser and a malware page, are less likely with both Intel security loopholes.

This means (according to Intel):

“Most browser developers have recently developed Managed Runtimes mitigation measures, which greatly increase the difficulty of exploiting side channels. These techniques increase the difficulty of operating an SSB-based side channel from a browser. "

To solve the problem, Intel has released beta updates for beta system microprocessors and device manufacturers, adding support for Speculative Store Bypass Disable (SSBD). The SSBD provides additional protection, preventing the occurrence of the Speculative Store bypass. Intel hopes that most major operating systems will add support for Speculative Store Bypass Disable (SSBD) starting with 21 May 2018.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news