After the first wave of the Spectre and Meltdown attacks was repaired, many were relaxing. Error. CPU Spectre and Meltdown security blanks showed a completely new way of attacking systems, and all security experts knew it was a matter of time to find new methods of attack.
Jann Horn, security researcher at Google Project Zero, like seems discovered a new method in a short time after the repair of the first Spectra fragility. Horn found a new way of attacking microprocessors.
The security gap affects not only Intel processors. It also affects the chipsets (x86) of AMD, POWER 8, POWER 9, System z and some ARM processors. In short, it could allow unauthorized read access to memory in almost any 21 century processor.
Her number vulnerability(CVE) for this security issue is o CVE-2018-3639.
Intel calls this Speculative Store (SSB), also known as Specter Variant 4. Contrary to the error discovered by Yuriy Bulygin, the former head of Intel's advanced threat group, the xBNUMX system management systems of Intel (SMM), SBB is a new method of attack.
_____________________________
Another new but less dangerous Specter style security vacuum is that CVE-2018-3640, also known as Rogue System Register Read (RSRE) or Specter Variant 3a. With this vulnerability, local users may be able to obtain unauthorized disclosure of system parameters by analyzing side channels.
External attacks, through a browser and a page with malware, are less likely with both vulnerabilities according to Intel.
This means (according to Intel):
“Most browser developers have recently developed Managed Runtimes mitigation measures, which greatly increase the difficulty of exploiting side channels. These techniques increase the difficulty of operating an SSB-based side channel from a browser. "
To resolve the issue, Intel has released microprocessor updates in beta form to operating system developers, and device manufacturers, adding support for disabling Speculative Store Bypass Disable) (SSBD). SSBD provides additional protection by preventing the Speculative Store bypass from occurring. Intel hopes that most major operating systems will add support for Speculative Store Bypass Disable (SSBD) starting May 21, 2018.
________________________
- Intel's press release without algae for silk ribbons
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- WordPress 4.9.6 with 37 enhancements and 51 bug fixes
- 5 Linux tools for recovering data from corrupted drives
- Google's DeepMind: dopamine use from neural networks