"Researchers Poke Holes in Spectre Data Leak Bug Fixes"

Spectre hardware design bugs in processors remain an issue as researchers at the security vendor VUSec have demonstrated how to revive the data leak vulnerability. According to the researchers, attackers can get around software fixes such as Retpoline and hardware mitigations implemented in newer Intel and ARM chip designs by abusing branch history injection. VUSec calls the discovery a resurgence of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. Speculative execution is defined as an optimization technique in which a processor (CPU) prepares and runs code before programs need it so that the code is ready when it is required at any point. This feature has been proven to be exploitable to leak user credentials, digital encryption keys, and other sensitive data. There has been a struggle to develop fixes without sacrificing the performance of processors. This article continues to discuss the concept of speculative execution and the Proof of Concept (POC) exploit created by VUSec researchers that bypasses Spectre data leak bug fixes.

iTnews reports "Researchers Poke Holes in Spectre Data Leak Bug Fixes"