Items tagged with spectre
A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor's speculative execution technology – like Spectre and Meltdown – and can be used to access sensitive information, including encryption related data. Over the last day or two, patches have quietly rolled out for some operation systems, but Red Hat just revealed all of the underlying details. The vulnerability, which is being called "Lazy FPU Save/Restore," was assigned a moderate rating and an ID of CVE-2018-3665 in the company's solutions database. As its name suggests,...
Read more...
Computer users around the world are still reeling from the Spectre flaws that affected many modern ARM and x86-64 CPUs, and earlier this month we learned that there was another Spectre-style vulnerability that could affect processors from Intel, AMD and ARM. Intel and Microsoft have now stepped up and officially disclosed the latest vulnerability. Intel says that following the Google Project Zero (GPZ) disclosure of speculative execution-based side-channel analysis methods back in January that it has continued working with researchers around the world to figure out if similar methods could...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element...
Read more...
Just when news of Spectre and Meltdown has seemingly died down, we're now hearing of a fresh round of exploits that might affect Intel processors. A total of 8 new vulnerabilities have been discovered and are being dubbed Spectre Next Generation, or Spectre-NG for short. Each of the eight vulnerabilities have been assigned their own Common Vulnerability Enumerator (CVE) designation, and each will need to be patched separately according to German publication c't. Intel, which has been notified of Spectre-NG, acknowledges that four of the new exploits are considered "high risk",...
Read more...
In mid-March, Intel announced that it had made tremendous progress in releasing microcode updates to address the Meltdown and Spectre vulnerabilities in its processors. At the time, Intel said that its microcode updates had been distributed for all of its processors released in the past five years. While Intel's progress in making sure that its processors are hardened against exotic side-channel attacks, the company doesn't have unlimited resources -- especially when it comes to supporting processors that were first released many years ago. To that end, Intel has provided a new status update on...
Read more...
When word finally spread about Spectre and Meltdown, it seemed only a matter of time before attackers would try to leverage the side-channel vulnerabilities. That is not the only concern, however. A team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamtom University say they have discovered a new side-channel attack that affects Intel processors, and that patches released for Spectre and Meltdown might prove ineffective against the exploit. Researchers are calling the newly discovered vulnerability "BranchScope."...
Read more...
It appears that the Spectre-Meltdown nightmare for Intel and its customers is finally nearing resolution. The chip giant has been working overtime to develop and distribute microcode updates for its processors to combat these vulnerabilities, and this morning announced that 100 percent of its processors released in the past five years have microcode updates to protect "against the side-channel method vulnerabilities." In addition, Intel says that it is taking proactive steps to ensure that all three primary vulnerabilities, which are listed below, are addressed in the future: Variant 1 (Spectre):...
Read more...
Today is Patch Tuesday, which means that Microsoft is pushing out a slew updates for its wide portfolio of software products. First and foremost, the company is issuing another round of updates to address the Spectre and Meltdown processor vulnerabilities that rocked the computing world back at the start of 2018. Microsoft announced that it will be expanding its Meltdown mitigation solutions to x86 version of both the legacy Windows 7 and Windows 8.1 operating systems. With this latest round of updates, all of Microsoft's [currently supported] operating systems are hardened against any known Meltdown...
Read more...
Attempts to mitigate CPU flaws affecting practically every processor released in the past two decades has not been easy. There is no 'one-size-fits-all' solution to this mess, and some of early attempts to patch CPUs against Spectre and Meltdown only caused more problems, like random reboots. Well, good news if you an own an older processor—Intel has released another batch of stable microcode updates, this time for Haswell and Broadwell CPUs. The new microcode updates replace some of the ones Intel briefly doled out in January. Intel ended up pulling those initial patches after customers...
Read more...
Just when you thought the whole Spectre and Meltdown situation could not get any messier, a new report suggests Intel withheld information about the security flaws to US cyber officials, even though it gave some of its hardware partners a heads up before the situation became public knowledge. Intel defends its position, saying it had no knowledge that the vulnerabilities had been exploited. The report essentially echoes an earlier one in which The Wall Street Journal said Intel shared information about Spectre and Meltdown to Chinese firms before the US government. At the time, Jake Williams, head...
Read more...
Nobody is happy with the situation surrounding recently disclosed CPU vulnerabilities collectively known as Spectre and Metldown (there are two variants of the former and one of the latter). The anger on the part of consumers has erupted into a series of lawsuits, including at least 32 class-action suits filed against Intel and another four that have been hurled at AMD, with potentially more to come. AMD has perhaps been less of a target because it is not really affected by Meltdown, only Spectre. Be that as it may, AMD has not been immune to legal scrutiny, with four separate class-action lawsuits...
Read more...
In this episode of HotHardware's Two And A Half Geeks, Marco, Paul and Dave chat about our Top Mechanical Keyboard Roundup, Second Gen Ryzen benchmark leaks, a bevy of Corsair AIO liquid coolers chilling an overclocked Ryzen processor, the latest security issues and updates for Spectre and Meltdown, recent browser exploits, as a pissed-off robot dog! Show Notes: 02:34 - 5-Way Mechanical Keyboard Roundup: Top Decks For Gamers And Enthusiasts 18:04 - AMD Ryzen 5 2600 Pinnacle Ridge Processor Single And Multi-Core Benchmarks Leak 27:21 - AMD Launches Embedded Epyc 3000 And Ryzen V1000 Series...
Read more...
Intel continues to plug along with microcode updates for its vast stable of processors. Two weeks ago, the company released revised microcode updates with Spectre mitigations that were limited to mainstream Skylake mobile and desktop platforms. This week, the company has expanded the microcode updates to cover Skylake-X and Skylake-SP processors architectures including Core-X, Xeon Scalable and Xeon D. In addition, the new microcode release covers Kaby Lake and Coffee Lake processors that were previously left out. Intel was forced to pull its original microcode updates after it was found that some...
Read more...
Recently discovered vulnerabilities present in practically every processor manufactured in the past two decades have caused quite the headache, for both companies like Intel and AMD, and end users who have to balance software patches with performance penalties. Just when we thought we could exhale (even if just a little bit), security researchers from Princeton University and NVIDIA have found new ways of exploiting Meltdown and Spectre, and upcoming hardware changes might prove futile to these new methods. The researchers outlined their findings in a paper (PDF) titled "MeldownPrime and SpectrePrime:...
Read more...
