How to deal with Spectre, the sequel

By
How to deal with Spectre, the sequel

Spectre is the CPU vulnerability that just keeps on giving. Revisions to CVE-2017-5753 and CVE-2018-3693 this week reveal that Spectre 1.1 and 1.2 have emerged from the shadows.

Spectre is the CPU vulnerability that just keeps on giving. Revisions to CVE-2017-5753 and CVE-2018-3693 this week reveal that Spectre 1.1 and 1.2 have emerged from the shadows. So what are they, and how do you mitigate them and any exploits that follow?
Actually, these aren't the first variations on the Spectre theme to emerge; there have been at least four Spectre variants to appear so far.
 
They are, however, new variants of the original vulnerability and have been dubbed Spectre 1.1 and 1.2 as a result. Like most sequels, they aren't quite as gripping as the original but nonetheless cannot be ignored. 
 
Intel apparently paid US$ 100,000 through the bug bounty program to researchers who uncovered the new speculative execution chip vulnerabilities. You can read the newly published fourth revision of Intel's analysis of speculative execution side channels, which includes the latest information, here: 
 
 
In a nutshell, Spectre 1.1 can leverage speculative stores to create speculative buffer overflows while Spectre 1.2 enables the targeting of CPUs without the proper read/write protection in order to breach sandboxes. 
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Hackers using brute-force attacks to infiltrate e-mail systems protected by MFA

Hackers using brute-force attacks to infiltrate e-mail systems protected by MFA

Re-designed Gmail poses new potential threat to 1.4 billion users

Re-designed Gmail poses new potential threat to 1.4 billion users

GitHub now warns you about flaws affecting your Python code

GitHub now warns you about flaws affecting your Python code

My Health Record: the case for opting out

My Health Record: the case for opting out

Would you like to receive

Our Newsletter?