"Computer Scientists Discover New Vulnerability Affecting Computers Globally"

Since the discovery of the original Spectre vulnerability, computer scientists from industry and academia have developed software patches and hardware defenses to protect the most vulnerable points in the speculative execution process without sacrificing too much computing performance. However, a team of computer science researchers at the University of Virginia School of Engineering and Applied Science (SEAS) discovered a method that breaks all defenses developed against the exploitation of the Spectre vulnerability. The new vulnerability impacts billions of computers and other devices globally. The researchers found a new way for hackers to exploit micro-op cache, which increases computing speed by storing simple commands and enabling the processor to quickly fetch them early in the speculative execution process. Micro-op caches have been present in Intel computers manufactured since 2011. According to the researchers, hackers can steal data when a processer fetches commands from the micro-op cache. All current Spectre defenses are made ineffective by the team's new attacks because they protect the processor in the later state of speculative execution. Two variants of the researchers' attacks can steal information from Intel and AMD accessed speculatively. The team has shown how a malicious actor can smuggle sensitive information via the micro-op cache by using it as a covert channel. They say this new vulnerability will be significantly more difficult to fix as it will take a much greater performance penalty than the previous Spectre attacks. Patches that disable the micro-op cache or stop speculative execution on legacy hardware would reduce the effectiveness of critical performance innovations in the majority of modern Intel and AMD processors. This article continues to discuss the Spectre vulnerability and the newly discovered Spectre variants.

Science Daily reports "Computer Scientists Discover New Vulnerability Affecting Computers Globally"

Submitted by Anonymous on