Home / Technology / Researchers detail three new Intel and AMD Specter vulnerabilities.

Researchers detail three new Intel and AMD Specter vulnerabilities.



The ripple caused by the widespread Specter vulnerability that affected many processors and devices in 2018 has been felt to this day. Safety researchers have uncovered a number of new flaws that, although difficult to perform, have been identified. But it is difficult to relieve.. Three new Specter attacks affect all modern AMD and Intel processors with micro-cache caches, according to a new report from academics from the University of Virginia and the University of California, San Diego. To make matters worse, there is no downsizing on the existing Specter, able to protect against new-style attacks.

Before the information was made public, researchers warned Intel and AMD of a vulnerability that could allow hackers to steal data from machines. PhoronixBut as of now, there are no microcode updates or operating system patches, and so may be. That̵

7;s because the nature of the attacks and reliefs are complex and come with an important caveat.

according Tom’s hardware, Danger can be limited to direct attacks, as it is very difficult to exploit the microop cache vulnerability. Basically, malware must circumvent all the other software and hardware security measures modern systems have.

For CPU manufacturers, one of the biggest concerns is performance affecting mitigation measures the researchers have identified, including micro-op cache wiping at cross-domain or permission-level caching. The authors of the article claim that this relief will come with “Much better performance penalties” than previous attacks.

The first of three possible vulnerabilities is the same threaded cross-domain attack that leaks secrets across the user’s kernel boundaries. A separate variable relies on a cross-SMT thread attack that sends confidential information to two SMT threads through a micro-op cache. A “temporary attack” that can be used “to leak unauthorized secrets accessed along an unidentified path before sending a temporary command to operation”.

All products recommended by Engadget are handpicked by our editorial team independently of our parent company.Some of our stories include affiliate links. If you buy something through a specific link, we may earn an affiliate commission.


Source link