<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head><!--[if gte mso 9]><xml><o:OfficeDocumentSettings><o:AllowPNG/><o:PixelsPerInch>96</o:PixelsPerInch></o:OfficeDocumentSettings></xml><![endif]--></head><body><div class="ydp61146933yahoo-style-wrap" style="font-family: times new roman, new york, times, serif; font-size: 16px;"><div><div><span><span>"Researchers have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications."</span></span></div><div><span><span></span></span><br></div><div><span>"The leakage can be exploited by a limited set of instructions, which is visible in <u><b>all Intel generations</b></u> starting from the 1st generation of Intel Core processors, independent of the OS (<u>works against ALL operating systems</u>) and <u>also works from within virtual machines and sandboxed environments.</u>"</span><br></div><div><br></div><span><span></span></span><span><span>"This security shortcoming can be potentially exploited by malicious <u>JavaScript within a web browser tab</u> (phishing vector), or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. <br></span></span><div><span><span><br></span></span></div><div><span><span>The vulnerability, it appears, cannot be easily fixed or mitigated without <u><b>significant redesign work at the silicon level</b></u>.</span></span></div><div><span><span><br></span></span></div><div><span><span><span>The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.</span>"</span></span></div><div><span><span><br></span></span></div><div><span><span>"<span>Spoiler is not a Spectre attack. The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts. <u>Existing spectre mitigations would therefore not interfere with Spoiler.</u></span>"<br></span></span></div><div><br><span></span></div><div>The "spoiler" vulnerability <span>"can be exploited from user space <u><b>without elevated privileges.</b></u></span>"<br></div><div><br></div><div>Link to the paper: <a href="https://arxiv.org/pdf/1903.00446.pdf" rel="nofollow" target="_blank">https://arxiv.org/pdf/1903.00446.pdf</a></div><div><br></div><div>News article:</div><div><br></div></div><div><span><a href="https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/">Intel CPUs afflicted with simple data-spewing spec-exec vulnerability</a><br></span></div><div><br></div><div><div><a href="https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/" rel="nofollow" target="_blank">Link: https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/</a></div><div><br></div><span></span></div><div><br></div><div id="ydp26857580enhancr_card_2574360638" class="ydp26857580yahoo-link-enhancr-card ydp26857580ymail-preserve-class ydp26857580ymail-preserve-style" style="max-width: 400px; font-family: Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif; position: relative;" data-url="https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/" data-type="YENHANCER" data-size="MEDIUM" contenteditable="false"><a href="https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/" style="text-decoration:none !important;color:#000 !important" class="ydp26857580yahoo-enhancr-cardlink" rel="nofollow" target="_blank"><table class="ydp26857580card-wrapper ydp26857580yahoo-ignore-table" style="max-width:400px" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="400"><table class="ydp26857580card ydp26857580yahoo-ignore-table" style="max-width:400px;border-width:1px;border-style:solid;border-color:rgb(224, 228, 233);border-radius:2px" width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td class="ydp26857580card-primary-image-cell" style="background-color: rgb(0, 0, 0); background-repeat: no-repeat; background-size: cover; position: relative; border-radius: 2px 2px 0px 0px; min-height: 175px;" valign="top" height="175" bgcolor="#000000" background="https://s.yimg.com/lo/api/res/1.2/sXcIPGdyYnv.fX01quCP3g--~A/Zmk9ZmlsbDt3PTQwMDtoPTIwMDthcHBpZD1pZXh0cmFjdA--/https://regmedia.co.uk/2019/03/05/shutterstock_1079738360.jpg.cf.jpg"><!--[if gte mso 9]><v:rect fill="true" stroke="false" style="width:396px;height:175px;position:absolute;top:0;left:0;"><v:fill type="frame" color="#000000" src="https://s.yimg.com/lo/api/res/1.2/sXcIPGdyYnv.fX01quCP3g--~A/Zmk9ZmlsbDt3PTQwMDtoPTIwMDthcHBpZD1pZXh0cmFjdA--/https://regmedia.co.uk/2019/03/05/shutterstock_1079738360.jpg.cf.jpg"/></v:rect><![endif]--><table class="ydp26857580card-overlay-container-table ydp26857580yahoo-ignore-table" style="width:100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td class="ydp26857580card-overlay-cell" style="background-color: transparent; border-radius: 2px 2px 0px 0px; min-height: 175px;" valign="top" bgcolor="transparent" background="https://s.yimg.com/cv/ae/nq/storm/assets/enhancrV21/1/enhancr_gradient-400x175.png"><!--[if gte mso 9]><v:rect fill="true" stroke="false" style="width:396px;height:175px;position:absolute;top:-18px;left:0;"><v:fill type="pattern" color="#000000" src="https://s.yimg.com/cv/ae/nq/storm/assets/enhancrV21/1/enhancr_gradient-400x175.png"/><v:textbox inset="0,0,20px,0"><![endif]--><table class="ydp26857580yahoo-ignore-table" style="width: 100%; min-height: 175px;" height="175" border="0"><tbody><tr><td class="ydp26857580card-richInfo2" style="text-align:left;padding:15px 0 0 15px;vertical-align:top"></td><td class="ydp26857580card-actions" style="text-align:right;padding:15px 15px 0 0;vertical-align:top"><div class="ydp26857580card-share-container"></div></td></tr></tbody></table><!--[if gte mso 9]></v:textbox></v:rect><![endif]--></td></tr></tbody></table></td></tr><tr><td><table class="ydp26857580card-info ydp26857580yahoo-ignore-table" style="background-color: rgb(255, 255, 255); background-repeat: repeat; background-attachment: scroll; background-image: none; background-size: auto; position: relative; z-index: 2; width: 100%; max-width: 400px; border-radius: 0px 0px 2px 2px; border-top: 1px solid rgb(224, 228, 233);" cellspacing="0" cellpadding="0" border="0" align="center"><tbody><tr><td style="background-color:#ffffff;padding:16px 0 16px 12px;vertical-align:top;border-radius:0 0 0 2px"></td><td style="vertical-align:middle;padding:12px 24px 16px 12px;width:99%;font-family:Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif;border-radius:0 0 2px 0"><h2 class="ydp26857580card-title" style="font-size:14px;line-height:19px;margin:0 0 6px 0;font-family:Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif;word-break:break-word;color:#26282a">SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing ...</h2><p class="ydp26857580card-description" style="font-size:12px;line-height:16px;margin:0;color:#979ba7;word-break:break-word">'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'</p></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></a><div class="loadingSpinnerContainer" style="position: absolute; top: 0px; width: 100%; height: 100%; display: flex; align-items: center; justify-content: center; background-color: rgba(255, 255, 255, 0.3);"><div class="D_F F_n gl_C ab_C H_6MGW o_h"><div class="W_6MGW H_6MGW D_X ah_1PEzoz" data-test-id="loading_indicator"><svg class="W_6MGW H_6MGW ah_Zq6hUs" viewBox="0 0 24 24" width="24" height="24"><path class="cdPFi_n cZ13pKbK_Z2aVTcY cZ1XO2Ji_dRA c2abBOT_EY cZ1vNhDV_rd cZV8aCd_pI ah_14s73" d="M12,22C6.477,22,2,17.523,2,12S6.477,2,12,2"></path><path class="cdPFi_n cZ13pKbK_Z2aVTcY cZ1XO2Ji_dRA c2abBOT_EY cZ1vNhDV_rd cZV8aCd_pI ah_14s73" d="M12,2c5.523,0,10,4.477,10,10s-4.477,10-10,10"></path></svg></div></div></div></div><div><br></div><div><br></div></div></body></html>