Sign In

Communications of the ACM

ACM TechNews

Google, Microsoft Find Another Spectre, Meltdown Flaw


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Intel will release a complete fix for the flaws over the coming weeks.

Researchers have identified a fourth variant of the Spectre and Meltdown flaws found in hundreds of millions of chips.

Credit: Thomas Samson/AFP/Getty Images

Intel and Microsoft on Monday reported a new variant of the Spectre and Meltdown security bugs.

Google's Project Zero researchers initially reported the bug to Intel, AMD, and Arm in February.

Named "Variant 4" by Intel, the strain exploits many of the same vulnerabilities disclosed in January, while extracting data via a different technique. Variant 4 employs "Speculative Store Bypass," which could enable a victim's processor to load sensitive data to potentially unsecured spaces.

Officials with the U.S. Computer Emergency Readiness Team say Variant 4 would let attackers read older memory values on a victim's central-processing unit.

Intel plans to issue a complete patch for Variant 4 in the coming weeks, and vendors will have to activate the fix.

Meanwhile, Microsoft warns that potential hackers could leverage JavaScript in browsers to launch Variant 4-based attacks.

"It is important to note that this method is dependent on malware running locally," Arm noted.

From CNet
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account