Cybersecurity researchers have discovered another Meltdown, Spectre security flaw that is affecting modern CPUs. If exploited it will allow a local hacker to access privileged data.
Both processor security flaws can be exploited by hackers or malware to steal passwords, encryption keys, and other secrets.
However, the Spectre and Meltdown exploits are fundamentally different, meaning that a CPU can be vulnerable to Spectre but not Meltdown. The only common property both have is that they exploit side effects within the transient execution domain.
The researchers found a total of seven new transient execution attacks:
-two new Meltdown variants Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD;
-five new Spectre branch predictor mistraining strategies for previously disclosed flaws known as Spectre-PHT or Bounds Check Bypass and Spectre-BTB or Branch Target Injections
All these flaws have been already disclosed to vendors.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Spectre exploits can be used to branch prediction to gain access to transient data. Meltdown flaws bypass the isolation between applications and the operating system by evaluating transient out-of-order instructions following a CPU exception to read kernel memory.
Meltdown-PK bypass the PKU isolation if a hacker has code execution in the containing process. The biggest problem here is, there is no software workaround. Intel can only fix Meltdown-PK in new hardware or possibly via a microcode update.
Meltdown-BR flaw bypass bound checks, which raise exceptions when an out-of-bound value is found.
The researchers offered a proof of concept of this flaws on an Intel Skylake i5-6200U CPU with MPX support, an AMD 2013 E2-2000 and an AMD 2017 Ryzen Threadripper 1920X.
The branch predictor in Spectre-PHT and Spectre-BTB attacks, affects Intel Skylake i5-6200U and Haswell i7-4790, on AMD Ryzen 1950X and a Ryzen Threadripper 1920X, and on an Arm-based NVIDIA Jetson TX1.
Researchers say that all vendors have processors that are vulnerable to these variants.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.