Fresh crop of Spectre flaws haunting Intel
Researchers have unearthed a fresh new set of ways attackers could potentially target the Spectre CPU vulnerabilities.
German publication Heise reported that researchers are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Intel processors.
“So far we only have concrete information on Intel’s processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable,” Heise said.
“Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.”
Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX
The report notes that Intel has been alerted as to the vulnerabilities, though Chipzilla isn’t saying much on the matter right now.
“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers,” executive VP and general manager of product assurance and security Leslie Culbertson said in a statement to The Register.
“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations.”
The disclosure of new CVEs related to Specter should hardly come as a shock, given the nature of the Spectre vulnerability and how difficult it is for chip designers to fully address. Seemingly every few weeks, researchers have found new variants and points of entry related to the bug, and new variations will likely continue to be found until chipmakers can get redesigned processors to market later this year. ®
Sponsored:
Minds Mastering Machines – Call for papers now open
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/05/03/just_your_monthly_reminder_that_the_spectre_bug_is_still_out_there/