Spectre-like variations continue to be discovered, just as academics predicted at the start of 2018.
Three academics from Northeastern University and three researchers from IBM Research have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code. The research team says this new CPU vulnerability is, too, a design flaw in the microarchitecture of modern processors that can be exploited by attacking the process of "
speculative execution," an optimization technique used to improve CPU performance.
The vulnerability, which researchers codenamed SplitSpectre, is a variation of
the original Spectre v1 vulnerability discovered last year and which
became public in January 2018.
The difference in SplitSpectre is not in what parts of a CPU's microarchitecture the flaw targets, but how the attack is carried out.
According to the research team, a SplitSpectre attack is far easier to execute than an original Spectre attack. Researchers explain:
...
...
...