1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Spectre returns - Intel and ARM-based CPUs hit by serious vulnera

    From TechnologyDaily@1337:1/100 to All on Wed Mar 9 15:45:04 2022
    Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability

    Date:
    Wed, 09 Mar 2022 15:27:55 +0000

    Description:
    Researchers publish proof-of-concept detailing how Spectre migitations can be bypassed on Intel and other ARM-based CPUs.

    FULL STORY ======================================================================

    A variant of the dreaded Spectre vulnerability has been discovered, and even though its only made it to the proof-of-concept stage, the sheer promise of its destructive power warrants swift action.

    Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices, and have dubbed it Branch History Injection (BHI).

    It bypasses Intels eIBRS, as well as Arms CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits, and kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, essentially leaking sensitive data, such as passwords . TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << AMD hardware unaffected this time

    The list of affected chips is quite extensive, covering all of Intels processors, from Haswell (2013) onwards (to Ice Lake-SP and Alder Lake) are reportedly affected, as well as various ARM chips (Cortex A15, A57, A72, Neoverse V1, N1, N2). So far, its been said that AMD chips are unaffected by the flaw.

    This is also just a proof-of-concept vulnerability, thats already being mitigated by both affected companies, which means its use in the wild through malware should be relatively limited. Whether or not the upcoming patches
    will severely impact the endpoints performance, as was the case with early Spectre and Meltdown patches, remains to be seen. Read more

    Keeping your CPU safe from Spectre imposes serious performance penalty


    New Meltdown and Spectre exploits have been built, but arent in the wild
    yet


    Intel's Amber Lake, Whiskey Lake Spectre and Meltdown protections aren't
    100% hardware-based

    Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.

    A detailed breakdown of the vulnerability, and its exploit (which seems to be relatively more complex than its early-days predecessor), can be found on
    this link .

    VUSec has published a YouTube video demonstrating how the flaw works, leaking a password in the process. You can find the video here . Check out the best ransomware protection available now

    Via: Tom's Hardware



    ======================================================================
    Link to news story: https://www.techradar.com/news/spectre-returns-intel-and-arm-based-cpus-hit-by -serious-vulnerability/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)