Intel and AMD chips are under attack from a new generation of Spectre threats

1 week ago 7
Meltdown and Spectre
(Image credit: Shutterstock)

It seems as Spectre still haunts Intel and AMD processors after cybersecurity researchers found new working speculative execution attacks.

To improve their performance, modern processors try to “guess” what tasks to do next. Speculative execution attacks abuse this mechanism to trick the computer into leaking private information, like passwords or other sensitive data, while it’s working ahead of time on the wrong guesses.

The most popular attack was called Spectre - first observed in early 2018, together with a sister vulnerability called Meltdown. At the time, it was said that most computers were vulnerable to Spectre and Meltdown, and the subsequent rush to fix the flaws made an even bigger mess, with some computers completely bricked as a result.

8BASE and Everest

Now, cybersecurity researchers Johannes Wikner and Kaveh Razavi from ETH Zurich claim that years after Spectre, there are multiple similar attacks that can work around existing defenses.

Among them are two methods that work on Linux, and affect a wide range of Intel processors (Intel’s 12th, 13th, and 14th chip generations for consumers, and 5th and 6th generation of Xeon processors for servers), and many AMD chips (Zen 1, Zen 1+, Zen 2).

The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, it was explained. IBP is pivotal in defending against speculative execution attacks.

In the meantime, the researchers notified both Intel and AMD of their findings, and both companies have acknowledged the existence of the vulnerabilities. In fact, both said they already discovered them and are working on a fix. Intel is tracking it as CVE-2023-38575, and AMD is tracking it as CVE-2022-23824. Intel fixed it with a firmware update released in March, but according to BleepingComputer, the fix has not yet reached all operating systems.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article