The Ghost of Spectre Again – SpectreNG

Windows Articles

Microsoft releases emergency update.

Security is one of the fundamental issues for Microsoft in Windows 10. In fact, since it was launched, the company has changed...

How to remove Windows 10 network credentials

Hi! Every time you access a website using Windows 10, a lot happens. In fact, the system will store the credentials to...

Top free apps for Windows 10

Hello! It is well known that Windows 10 is the most used operating system in the world. Indeed, there are many reasons...

How to install Owncloud on Ubuntu 20.04?

In this post, You will learn how to install Owncloud on Ubuntu 20.04. Many users and small businesses prefer...

Etherpad is a great open source collaborative editor

Hello! From time to time we get ourselves with really cool apps. This time we will talk about Etherpad. He is a...
Mel Khamlichi
Mel Khamlichihttp://www.osradar.com
Founder of Osradar, from Amsterdam Netherlands

The Spectre is one of the major modern CPU bugs that were identified at the end of 2017. Along with the Meltdown, these bugs turned the world of security upside down. Even after such a long time, the ghost of Spectre is still haunting us. Recently, security researchers from Google and Microsoft have disclosed the existence of a new variant of the Spectre, codenamed Spectre variant 4.

The new flaw

Interestingly, the news of such a possible security flaw went out previously on a German magazine. However, the official statement and description came out very recently,

This new variant of Spectre infects processors from Intel, AMD, ARM and IBM. Companies like Intel, Microsoft, Ubuntu, Red Hat, IBM, ARM, AMD etc. have already published security advisories explaining the working method of this bug along with all the possible mitigation advices.

SpectreNG

This new variant of Spectre has also earned a nice name to call – SpectreNG. Both the researchers of Microsoft and Google identified the vulnerability independently. Both bug discovery have very similarities. That’s why they are classified as Spectre variant 3a and 4. The Spectre variant 3a is tagged as CVE-2018-3640 and variant 4 is tagged as CVE-2018-3639.

The variant 3a is a form of the Meltdown flaw whereas variant 4 is completely new attack from the Spectre family. As you may have already guessed, both of them are caused by speculative execution – a method that enables all the faster processing power of all the modern CPUs.

For understanding the working method of both of the vulnerabilities, take a look at this video that Red Hat published on YouTube.

According to Microsoft’s advisory, an attacker successfully exploiting the vulnerability can be able to read privileged data across trust boundaries. Such condition may break down the system of sandbox environment.

From Google’s part, Jann Horn, the man who was behind the invention of Meltdown and Spectre flaws, has also published the proof-of-concept code for the vulnerability. Unfortunately, a remove JavaScript code can successfully exploit the Spectre variant 4. According to Microsoft, there’s been no attempt recorded trying to exploit the vulnerability.

Additional patches

Intel’s general manager of Product Assurance and Security, Leslie Culbertson, said that the original patches for Meltdown and Spectre should be enough for mitigating the variant 4.

However, Intel has already released a new patch for the Spectre variant 4. It’s in the beta form and sent to OEMs.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Microsoft releases emergency update.

Security is one of the fundamental issues for Microsoft in Windows 10. In fact, since it was launched, the company has changed...

How to remove Windows 10 network credentials

Hi! Every time you access a website using Windows 10, a lot happens. In fact, the system will store the credentials to...

Top free apps for Windows 10

Hello! It is well known that Windows 10 is the most used operating system in the world. Indeed, there are many reasons...

How to install Owncloud on Ubuntu 20.04?

In this post, You will learn how to install Owncloud on Ubuntu 20.04. Many users and small businesses prefer...

Etherpad is a great open source collaborative editor

Hello! From time to time we get ourselves with really cool apps. This time we will talk about Etherpad. He is a...
x