New Spectre Chip Security Vulnerability Found That Leaves Billions Of PCs Still Defenseless
Back in 2018, a processor security vulnerability called Spectre appeared, affecting all modern CPU architectures from Intel, AMD, and even ARM in the last 20 years. Since then, major players and semiconductor OEMs have worked hard to patch out the vulnerabilities in a cybersecurity whack-a-mole game, in some cases leading to performance loss and other issues. Today, unfortunately, University of Virginia Researchers have now found a way to circumvent all of the original Spectre security mitigations, essentially resurrecting the ghostly security flaw that will now again haunt billions of PCs globally.
Of the vulnerabilities that appeared in 2018, Spectre was the nastier of the two primary threat vectors, with the other being Meltdown. In short, Spectre works by leveraging modern CPU features called branch prediction and speculative execution, to access memory that would not otherwise be accessible during traditional compute operations. Exposed system memory could contain confidential information, which could then be piped out through a side channel to an adversary looking to exploit it. The original whitepaper explained that this problem ultimately arose from a “long-standing focus in the technology industry on maximizing performance,” without focusing on adequate security measures to protect system memory data in flight.

According to an article released yesterday by University of Virginia, this newly discovered line of attack means “billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.” It was initially reported to international chip makers in April, and now presents new challenges for both consumers and enterprise customers alike.
Spectre's New Threat Vector Discovery And How It Works


Whatever the potential fix might be, it's likely not going to be pretty nor easy to fix, as we saw with the original Spectre vulnerability. Hopefully, academia, government, and major chip players can quickly work together to address the problem at hand. You can learn more about this new vulnerability in the research report here (PDF). Either way, stay tuned to HotHardware for updates on this developing situation.
(Ashish Venkat Image Courtesy Of UVA)