Collaborate Disseminate
Intel found a new derivative of the Spectre security flaw in its chipset. Fortunately, this one isn’t as serious from a security perspective.
The post Intel Finds New Spectre Derivative appeared first on Thurrott.com.
Continue reading Intel Finds New Spectre Derivative
A Spectre variant 4 vulnerability has been identified in the Linux kernel and represents a very dangerous threat to all affected machines. All system administrators are urged to apply the latest updates as soon as possible to mitigate any possible…Re… Continue reading CVE-2018-3639: Spectre Variant 4 Vulnerability Affects the Linux Kernel
CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified,known as"Variant 3a"and"Variant 4". Continue reading VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
Intel and Microsoft have revealed a new variant of the Meltdown and Spectre chip vulnerabilities that have plagued their products in recent months. The new vulnerability, dubbed “Variant 4,” can be exploited through JavaScript in a web browser to steal data. Like the Meltdown and Spectre vulnerabilities, “Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel,” Leslie Culbertson, an executive vice president at Intel, wrote in a blog post. Intel isn’t aware of any exploits of Variant 4 in the wild, Culbertson said, crediting the company’s expanded bug bounty program for boosting security. In a security advisory published Monday, Microsoft said that is wasn’t “aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate.” The Spectre (Variants 1 and 2) and Meltdown […]
The post Tech giants reveal new variant of Meltdown and Spectre vulns appeared first on Cyberscoop.
Continue reading Tech giants reveal new variant of Meltdown and Spectre vulns
As of version 8 (later backported to 7.3), GCC has added retpoline support [0]. While I understand that it is intended[citation needed] for use in kernel patching for Spectre (ie: [1][2]), that does not prevent normal develop… Continue reading Compiling with GCC retpoline flags
I understand sequential execution and time-based attacks but how are these used in real life scenarios?
Continue reading What could be a scenario of spectre attack when an attacker gains something private
Let’s assume I have a computer with a pre-Skylake Intel processor that doesn’t have microcode mitigating the Spectre V2 attack. Then to my understanding, if the kernel and all user-space applications are compiled with retpoli… Continue reading What Spectre V2 patches fixes which vulnerabilties on Linux?
Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a German magazine alleges. Continue reading Report: Intel Facing New Spectre-Like Security Flaws
Microsoft has released new Spectre mitigations for Windows 10, which include Intel microcode fixes for CPUs running on Windows. Continue reading Microsoft Issues More Spectre Updates For Intel CPUs
My limited understanding of Spectre (Variant 2) leads me to believe that in order for a computer to be fully protected it must have an OS update and microcode update.
Windows and Linux computers require either microcode upda… Continue reading Spectre and Need for Microcode Updates (Mac)