The aftershocks of the Specter vulnerability, which affected many processors and devices in 2018, are palpable to this day. Security researchers have now discovered several new types of this vulnerability that, while difficult to exploit, will not be easy to eliminate.
According to a new paper by researchers at the University of Virginia and the University of California, San Diego, these three new types of Specter attacks could affect all modern Intel and AMD processors that use microchips. The bad news is that none of the available solutions to Specter vulnerabilities have worked against these attacks.
Researchers had warned Intel and AMD engineers about the vulnerabilities before releasing the information. These three new attacks could allow hackers to steal information from computer systems. So far no new updates to the microcodes or patches for the operating systems have been released, and the situation may continue. Because the nature of these attacks is complicated by a fundamental problem.
The threat that currently threatens systems is likely to be limited to direct attacks because it is extremely difficult to exploit the vulnerability of microchips. In other words, malware must bypass all security software and hardware in modern systems to take advantage of this problem.
The main concern of CPU manufacturers is the solution that the researchers have suggested as a solution in their paper, which includes resetting the cache-operation in the range of the bandwidth or caching-level partitioning that affects system performance. The authors of this article claim that doing so is much more costly than the methods offered to deal with previous attacks.
The first new vulnerability to be discovered is multi-domain attacks on shared processing threads that reveal passwords within the user kernel. The second vulnerability relies on a cross-SMT string attack that sends passwords to two SMT strings via micro-operations. The third vulnerability is a transient attack that can be used to expose unauthorized passwords even before the transient instruction is executed.
0 Comments:
Post a Comment
Your comment and facebook share will be appreciated