Security News Google and Microsoft Reveal New Spectre Attack

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/google-and-microsoft-reveal-new-spectre-attack/

Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel.

Rumors about this new flaw leaked online at the start of the month in a German magazine, but actual details were published today.

AMD, ARM, Intel, Microsoft, and Red Hat have published security advisories at the time of writing, containing explanations of how the bugs work, along with mitigation advice.

Bug known as SpectreNG

The bugs —referred to in the past weeks as SpectreNG— are related to the previous Meltdown and Spectre bugs discovered last year and announced at the start of 2018.

Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as "variant 3a" and "variant 4" instead of separate vulnerabilities altogether.


Variant 1: bounds check bypass (CVE-2017-5753) aka Spectre v1
Variant 2: branch target injection (CVE-2017-5715) aka Spectre v2
Variant 3: rogue data cache load (CVE-2017-5754) aka Meltdown
Variant 3a: rogue system register read (CVE-2018-3640)
Variant 4: speculative store bypass (CVE-2018-3639)


The most important of these two is Variant 4. Both bugs occur for the same reason —speculative execution— a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

 

[Aleeyen]

One fact we should acknowledg; that as Human Beings we can never build something totally flawless.

 

[MeltdownEnemy]

I only say one thing to all you, I'll never buy an intel processor again, they're not sincere, they embed an hidden & obsolete internal OS called "minix" and other things on depth "ME boot controlers" that we do not wanted, they leaving things carelless who later will become holes of snake & scorpions at hardware level, no matter what the future may be, no matter how much answers we ask them for about the processor, they're in mute mode!
we wants only basics things inside their processors and always will ask for them about privacy & security transparence, no more shadows, things that for this time we wants for example: Intel internally builded or programed at open linux code based & updateable to this day over all years, a solution to disable MEI, but they will not do it. I only look billions of Processors that just are destined to work safely for only 2 years, that's not enough.

In addition:
the cheap excuse that they're providing us the solutions through of the companies who creates the motherboards with necessary patches to correct the error, but what good is it if their affiliates motherboards support will not correct the errors to anyone. it's no good.