Tech giants reveal new variant of Meltdown and Spectre vulns

Intel and Microsoft have revealed a new variant of the Meltdown and Spectre chip vulnerabilities that have plagued their products in recent months. The new vulnerability, dubbed “Variant 4,” can be exploited through JavaScript in a web browser to steal data. Like the Meltdown and Spectre vulnerabilities, “Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel,” Leslie Culbertson, an executive vice president at Intel, wrote in a blog post. Intel isn’t aware of any exploits of Variant 4 in the wild, Culbertson said, crediting the company’s expanded bug bounty program for boosting security. In a security advisory published Monday, Microsoft said that is wasn’t “aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate.” The Spectre (Variants 1 and 2) and Meltdown […]

The post Tech giants reveal new variant of Meltdown and Spectre vulns appeared first on Cyberscoop.

Continue reading Tech giants reveal new variant of Meltdown and Spectre vulns

Twitter, Meltdown, & RSAC – Application Security Weekly #15

In the news, A Boeing 757 was hacked remotely while it sat on the runway, Twitter says all 336 million users should change their passwords, Meltdown patches return kernel page table directory to user space, somebody tried to hide a backdoor in a popula… Continue reading Twitter, Meltdown, & RSAC – Application Security Weekly #15