After the first wave of the Spectre and Meltdown attacks was repaired, many were relaxing. Error. CPU Spectre and Meltdown security blanks showed a completely new way of attacking systems, and all security experts knew it was a matter of time to find new methods of attack.
Jann Horn, security researcher at Google Project Zero, like seems discovered a new method in a short time after the repair of the first Spectra fragility. Horn found a new way of attacking microprocessors.
The security gap doesn't just affect Intel processors. It also affects chipsets (x86) της AMD, POWER 8, POWER 9, System z και μερικούς επεξεργαστές ARM. Εν ολίγοις, θα μπορούσε να επιτρέψει μη εξουσιοδοτημένη access read memory to almost any 21st century processor.
The vulnerability number (CVE) for this security issue is CVE-2018-3639.
Intel calls this Speculative Store (SSB), also known as Specter Variant 4. Contrary to the error discovered by Yuriy Bulygin, the former head of Intel's advanced threat group, the xBNUMX system management systems of Intel (SMM), SBB is a new method of attack.
_____________________________
Another new but less dangerous Specter style security vacuum is that CVE-2018-3640, also known as Rogue System Register Read (RSRE) or Specter Variant 3a. With this vulnerability, local users may be able to obtain unauthorized disclosure of system parameters by analyzing side channels.
External attacks, through someone browser and a malware page, are less likely with both vulnerabilities according to Intel.
This means (according to Intel):
“Most browser developers have recently developed Managed Runtimes mitigation measures, which greatly increase the difficulty of exploiting side channels. These techniques increase the difficulty of operating an SSB-based side channel from a browser. "
Για την επίλυση του προβλήματος, η Intel έχει κυκλοφορήσει ενημερώσεις για μικροεπεξεργαστές σε μορφή beta για τους προγραμματιστές λειτουργικών συστημάτων, και κατασκευαστές συσκευών, προσθέτοντας υποστήριξη για την απενεργοποίηση της παρακαμπτήριας αποθήκευσης (Speculative Store Bypass Disable) (SSBD). Το SSBD παρέχει πρόσθετη προστασία, εμποδίζοντας την εμφάνιση της παράκαμψης Speculative Store. Η Intel ελπίζει ότι τα περισσότερα μεγάλα λειτουργικά συστήματα θα προσθέσουν υποστήριξη για το Speculative Store Bypass Disable (SSBD) ξεκινώντας από τις 21 Μαΐου 2018.
________________________
- Intel's press release without algae for silk ribbons
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- WordPress 4.9.6 with 37 enhancements and 51 bug fixes
- 5 Linux tools for recovering data from corrupted drives
- Google's DeepMind: dopamine use from neural networks