[kictanet] Researchers discover a MAJOR hardware-level security vulnerability in ALL Intel CPUs (and it's worse than Spectre)

Patrick A. M. Maina pmaina2000 at yahoo.com
Tue Mar 5 23:15:44 EAT 2019


"Researchers have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications."
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS (works against ALL operating systems) and also works from within virtual machines and sandboxed environments."

"This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab (phishing vector), or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. 

The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.
The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior."
"Spoiler is not a Spectre attack. The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts. Existing spectre mitigations would therefore not interfere with Spoiler."

The "spoiler" vulnerability "can be exploited from user space without elevated privileges."

Link to the paper: https://arxiv.org/pdf/1903.00446.pdf
News article:
Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Link: https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/



