A team of nine investigators claims to have detected seven new CPU attacks. The attacks affect AMD, ARM and Intel CPUs at various levels. Two of the attacks appear to be variations of Meltdown, the other five are variations of Spectre. That’s what ZDNet reports.
Meltdown and Spectre were unveiled at the beginning of this year, but had been around for years. The vulnerabilities hit almost all devices with Intel modem. Meltdown breaks the fundamental isolation between user apps and the operating system. This allows a program to access the memory and with it the secrets of other programs and the operating system. Over the past few months, several variations of the attack have been discovered.
The Spectre-vulnerability breaks the insulation between different applications. This allows an attacker to persuade trouble-free programs to reveal their secrets. In recent months, numerous new variations have emerged from this.
As said before, the team of investigators has now discovered two new Meltdown attacks. These include Meltdown-BR, which exploits x86 bound instruction on Intel and AMD, and Meltdown-PK, which bypasses memory security keys on Intel CPUs.
The researchers further discovered three new Spectre attacks exploiting the Pattern History Table mechanism and two attacks against the Branch Target Buffer. These attacks are called PHT-CA-OP, PHT-CA-IP, PHT-SA-OP, BTB-SA-IP and BTB-SA-OP. These attacks impact AMD, ARM and Intel CPUs.
The three CPU manufacturers were informed of the findings by the investigation team. Only ARM and Intel recognized their findings, according to the researchers. The researchers also discovered that a number of measures taken by the manufacturers that had already been implemented were unable to stop the attacks, even if they had to do so in theory.
“The vulnerabilities in this paper can be fully addressed by using existing mitigation techniques for Spectre and Meltdown, including those that are documented here and placed elsewhere by other chip manufacturers,” said Intel in a statement.
“Protecting customers remains an important priority for us and we are grateful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven and the College of William and Mary for their research.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.