The Specter exploit is tracking chipmakers again as security researchers have discovered several new flavors affecting both Intel and AMD processors. Unfortunately, none of the patches released for earlier Specter versions work against these newcomers.
To catch up with you Specter (next to Meltdown) was a devastating bug discovered in 2018 affecting chips made by Intel and AMD. In the wrong hands, someone could steal your password and personal information from apps running on devices with Intel and AMD chips.
The exploits forced companies to quickly release patches and prompted Intel to redesign its chips after it was discovered that the flaw, which affected everything from PCs to servers to smartphones, had been hidden in chip designs for more than 20 years .
Now Specter has returned. Researchers from the University of Virginia and the University of California at San Diego found that the new variants Data leaks through micro-op caches, which are used to speed up processing by storing simple instructions so CPUs can get them quickly.
Every AMD chip (since 2017) and every Intel chip (since 2011) uses micro-op caches, so in theory they are all susceptible to this attack. The security researchers who discovered these variants listed three ways a CPU could be infiltrated.
- The same cross-domain thread attack that leaks secrets across the user-kernel boundary.
- A cross-SMT thread attack that transmits secrets across two SMT threads running on the same physical core but different logical cores via the micro-op cache.
- Temporary execution attacks, in which an unauthorized secret accessed through an incorrectly specified path can be lost before the temporary command is sent for execution.
Specter exploit: are you at risk?
When there is a silver lining, these theoretical attacks are difficult to carry out. So difficult that Intel and AMD may forego patching the vulnerabilities. How Tom’s hardware notesThe malware must bypass all other software and hardware safeguards on your device before it can launch a tricky, unconventional attack.
The final result? The risk that you will become a victim of this exploit is very small. Low risk is no risk, however, and both Intel and AMD have been made aware of these holes in their armor. So far, no company has released updates or patches.
Resolving this vulnerability could affect performance based on several methods suggested by researchers Intel and AMD. One of these involves emptying the micro-op cache at domain crossings, although this would require emptying the Instruction Translation Lookaside Buffer (iTLB), which would lead to “severe performance consequences”.
We contacted Intel and AMD to see if either chip maker would like to release patches for these latest Specter flavors. We’ll update this article when we hear something.