An old vulnerability returns to threaten unpatched systems.
Three years ago, Spectre appeared on the scene and put all the major chip manufacturers in a tizzy. They all scrambled to come up with a fix for this vulnerability.
Bleeping Computer has reported that security researcher Julien Voisin has discovered a pair of exploits targeting unpatched Linux and Windows systems. The exploits appeared on the VirusTotal platform. VirusTotal id a French outfit that gathers all antivirus scans in one place. It then checks for potential malware missed by different solutions.
These “new” Spectre exploits were uploaded a month ago.
A brief history of Spectre
The Spectre vulnerability was unveiled as a hardware bug in January 2018 by Google Project Zero researchers. Spectre is similar to its predecessor Meltdown, and is a dangerous form of cyber-attack. Spectre and Meltdown are alike in that neither is a true virus. Rather, they are vulnerabilities within the computer processor that are exploited to carry out an attack on a computer.
Spectre is uniquely dangerous because it can cause permanent, physical damage to a computer. For this reason, Spectre presents a core problem much more substantial than an average virus or malware. And for this reason, chip makers were very keen to come up with patches.
Indeed, Intel was faced with several lawsuits at the time. Some of these actually had to do with the way the company attempted to fix its affected chips.
Message: patch your system
As a result of the danger posed by Spectre to the chip industry, most operating systems and CPU manufacturers already supply a fix. However, systems that have not been patched remain at risk, including older operating systems and computers with five-year-old silicon.
The latter group of devices are even more at risk, as many chip firms have consciously decided not to apply a fix, given the noticeable performance decrease involved.
Related: Researchers find new Spectre-like attack: SplitSpectre