New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed
Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2.
Spectre 1.1 and Spectre 1.2 short description
According to researchers, a Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store cache buffers in order to write and run malicious code that retrieves data from previously-secured CPU memory sections.
Spectre 1.1 is very similar to the Spectre variant 1 and 4, but the two researchers who discovered the bug say that "currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1."
As for Spectre 1.2, researchers say this bug can be exploited to write to CPU memory sectors that are normally protected by read-only flags.
"As a result [of malicious Spectre 1.2 writes], sandboxing that depends on hardware enforcement of read-only memory is rendered ineffective," researchers say.
To exploit, similarly to most previous Meltdown and Spectre bugs, both vulnerabilities require the presence of malicious code on a user's PC, code responsible for running the attack. This somewhat limits the bug's severity, but doesn't excuse sysadmins who fail to apply patches when they'll become available.
Bug affects Intel and ARM, most likely AMD too
Intel and ARM have publicly acknowledged that some of their CPUs are vulnerable to Spectre 1.1. AMD has not published a statement, but AMD has been historically slow at reviewing security issues. Since all Spectre attacks affected AMD CPUs, it is safe to assume that these new ones also affect AMD's portfolio as well.
Researchers didn't release information on CPUs impacted by Spectre 1.2. No patches are available for either bugs at the moment.
Microsoft, Oracle, and Red Hat have said they are still investigating if Spectre 1.1 affects data handled by their products and are looking into ways to mitigate the risk at the software level.
In their research paper (Speculative Buffer Overflows: Attacks and Defenses), the two academics who found the flaws suggested three hardware-based mitigations for preventing Spectre 1.1 attacks, and one for Spectre 1.2.
Intel has also paid the research team a bounty of $100,000 for discovering this bug part of the company's recently launched bug bounty program, which Intel set up following the disclosure of the original Meltdown and Spectre vulnerabilities. This is one of the highest bug bounty rewards known to date.
*There is a very nice table showing the different variants of Spectre for those who are interested in the webpage which can be accessed through the link below.
Source:
Bleeping Computer
lord.
