After patching the first wave of Specter and Meltdown attacks, many relaxed. Error. The Specter and Meltdown CPU vulnerabilities showed a whole new way to attack systems, and all security experts knew they were theme time to find new attack methods.
Jann Horn, security researcher at Google Project Zero, such as seems discovered a new method in a short time space after fixing the first Specter vulnerabilities. Horn found a new way to attack microprocessors.
The security gap doesn't just affect Intel processors. Also affects AMD (x86) chipsets, POWER 8, POWER 9, System z and some ARM processors. In short, it could allow unauthorized read access to memory on almost any 21st century processor.
The number of the vulnerability (CVE) for this problem security is the CVE-2018-3639.
Intel calls this Speculative Store (SSB), also known as Specter Variant 4. Contrary to the error discovered by Yuriy Bulygin, the former head of Intel's advanced threat group, the xBNUMX system management systems of Intel (SMM), SBB is a new method of attack.
_____________________________
Another new but less dangerous Specter style security vacuum is that CVE-2018-3640, also known as Rogue System Register Read (RSRE) or Specter Variant 3a. With this vulnerability, local users may be able to obtain unauthorized disclosure of system parameters by analyzing side channels.
External attacks, through a browser and a malware page, are less likely with both Intel security loopholes.
This means (according to Intel):
“Most browser developers have recently developed Managed Runtimes mitigation measures, which greatly increase the difficulty of exploiting side channels. These techniques increase the difficulty of operating an SSB-based side channel from a browser. "
To solve the problem, Intel has released beta updates for beta system microprocessors and device manufacturers, adding support for Speculative Store Bypass Disable (SSBD). The SSBD provides additional protection, preventing the occurrence of the Speculative Store bypass. Intel hopes that most major operating systems will add support for Speculative Store Bypass Disable (SSBD) starting with 21 May 2018.
________________________
- Intel's press release without algae for silk ribbons
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- WordPress 4.9.6 with 37 enhancements and 51 bug fixes
- 5 Linux tools for recovering data from corrupted drives
- Google's DeepMind: dopamine use from neural networks