The researchers detailed three new Intel and AMD Specter vulnerabilities


The Ripples Built by Wide Specter Weakness, which Affects a huge number of processors and devices In 2018, being felt to this day. Security researchers have discovered a number of new forms of bugs that are difficult to implement but difficult to mitigate. Three new types of potential specter attacks affect all modern AMD and Intel processors in micro-op-cache, as new Paper From academics from the University of Virginia and the University of California San Diego. To make matters worse, none of the existing specter mitigation can protect against attacks that use new forms.

Prior to the release of the data, the researchers warned Intel and AMD about the potential for hackers to steal data from any machine. Phoronix. But so far no microcode update or OS patch has been released and it can only stay that way. Because the nature of the attacks and their mitigation is chaotic and brings a big warning.

According to Tom’s hardware, The danger may be limited to direct attacks because it is extremely difficult to exploit the cache vulnerabilities of micro-apps. In short, malware needs to bypass all other software and hardware security measures by modern systems.

In the case of CPU manufacturers, the biggest concern is the mitigation measures that affect the performance described by the researchers, including the distribution based on the level of convenience of micro-upper caches or caches at domain crossings. The paper’s authors claim that the reduction will result in “much higher performance penalties” related to previous attacks.

The first of a potential exploit trilogy is a cross-domain attack of the same thread that leaks mystery across the user’s kernel boundaries. A separate variant relies on cross-SMT thread attack which secretly transitions between two SMT threads in the micro-opish cache. The paper also describes “transient execution attacks” that can be used “before the dispatch of an unauthorized secret accessed through a misspelled route, to execute transient instructions.”

All products offered by Engadget are selected by our editorial team, different from our parent company. Some of our stories include approved links. If you purchase something through one of these links, we can earn an approved commission.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *