ret2spec and SpecterRSB: new CPU vulnerabilities



[ad_1]

I ] But also bad luck: again, new vulnerabilities in Intel processors have been discovered, again attackers can thus access data from theoretically protected memory areas – even the words of pbad and other sensitive content. And because it's similar to Specter & Co. vulnerabilities, the news is called ret2spec and SpecterRSB.

Functioning of ret2spec and SpecterRSB

There have been a number of similar vulnerability reports over the last six months. The online magazine Winbuzzer.com has counted at least twelve "exploits" since the first Spectrum. Again, the error lies in the microcode for "running the speculative program". It is an optimization technique in which the processor executes the lines of code most likely to be processed quickly when making decisions about the continuation of the program. This not only helps to speed up the program 's execution, but also to get results that end up in a cache even if they are not really needed. Ret2spec and SpecterRSB also use access to these buffers to access data allegedly protected. And for that, as the security researchers write, visiting a prepared website is enough: even with a small javascript, ret2spec and SpecterRSB can be exploited to read pbadwords.

Free Security Programs Overview

The Diesel Scandal of Intel

Clearly, speculative execution is an effective optimization and certainly not a fraudulent software like the diesel scandal. Nevertheless, there are parallels: Even if the error lies in the processor, that is to say in the hardware, software patches are still possible to fill the security gaps. These come from software manufacturers such as Microsoft (for Windows) or Mozilla (for Firefox) and only complicate the exploitation of shortcomings. However, the cost of performance: According to Microsoft, patches against vulnerabilities significantly slow down the processor. For the definitive closure of the vulnerabilities, the respective PC manufacturer should provide Intel firmware updates, but at least in the last six months has not always occurred and is excluded in the processors before 2013. On performance losses and potentially dangerous processors, customers remain seated. And it's already similar to the diesel scandal.

[ad_2]
Source link