Modern-day CPUs are all flawed to a severe extent, right? With the discovery of Meltdown and Spectre, everyone's life was already in hot water. Well, the water is about to get hotter. Researchers have recently discovered more variants of Spectre, codenamed Spectre 1.1 and Spectre 1.2.
Spectre is a class of vulnerability that abuses speculative execution to gain access to even the most protected parts of the processor. Spectre remains a major threat, as there is no definitive way to eliminate this bug without completely changing the hardware! OS vendors have released patches to mitigate Spectre as far as software can.
But with these two new variants, Spectre's arsenal is getting heavier.
Spectre 1.1 and 1.2
Two security researchers discovered these variants and published details on how they work. Here is a short summary of the two.
The Spectre 1.1 attack takes advantage of speculative execution to deliver code that overflows CPU store buffers and writes malicious code. That code can then retrieve data from previously protected sections of CPU memory.
Spectre 1.1 is quite similar to Spectre variants 1 and 4. However, according to the researchers who discovered the bugs, there is currently no effective compiler instrumentation or static analysis that can generically detect and mitigate Spectre 1.1.
In the case of Spectre 1.2, the bug can be exploited to write to CPU memory sectors that are read-only. According to the researchers, this would render the hardware enforcement of read-only memory in sandboxing completely ineffective.
However, exploiting these bugs, like most other Meltdown and Spectre bugs, requires a malicious parent program already running on the machine to carry out the attack. Thus, the real-life scope of these vulnerabilities is smaller than you'd expect. That is no excuse for system admins who fail to apply patches when they become available, though.
Intel, ARM affected, AMD too (most likely)
Intel and ARM have officially acknowledged that their processors are vulnerable to Spectre 1.1. We are yet to get an official statement from AMD on the matter, but if history teaches us anything, AMD is relatively slow at reviewing security issues. All the other Spectre variants affected AMD chips, so it's safe to assume these new variants will affect AMD processors as well.
We don't have much information about Spectre 1.2 at the moment, as the researchers didn't disclose many details. Either way, there are currently no patches for these two Spectre variants; vendors are already working on mitigating them at the software level.
Microsoft, Red Hat and Oracle have said they are investigating Spectre 1.1 to find out whether it affects their products, and are looking for ways to effectively mitigate the risk at the software level.
In their paper, the researchers who found the flaws proposed hardware-level mitigations for Spectre 1.1. The paper features 3 hardware-based mitigations for Spectre 1.1 and 1 for Spectre 1.2.
The researchers were paid a handsome bounty ($100,000) for discovering the bugs. This is the highest known payout to date under Intel's bug bounty program.
Interested in more Spectre? Don't forget to check out SpectreNG, another ghost of Spectre.