'

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

ARM and AMD may also be affected

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Intel has confirmed that their processors are affected by two new Spectre-class vulnerabilities, both of which are related to Spectre variant 1. These bugs, which are now known as Spectre 1.1 and 1.2 or CVE-2018-3693, can deliver code that can overflow a processors store cache and retrieve data from what should be secured sections of memory. 

These vulnerabilities were uncovered by Vladimir Kiriansky and Carl Waldspurger, who have received $100,000 from Intel as part of their bug bounty program. This payment proves the legitimacy of these issues, with Vladimir Kiriansky and Carl Waldspurger co-publishing a report on their findings, which is available to read here

In their report, it was confirmed that Spectre 1.1 affected both ARM and Intel x86 processors. At this time the vulnerabilities affect on AMD processors have not been verified. Proof-of-concept code has been provided to AMD, Google, IBM and Microsoft for additional verification and the development of software mitigations.  

Both of these bugs require the use of malicious code to operate, minimising the potential impact of the vulnerability, though at this time mitigations for both bugs are not available. 

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors  

According to a report from The Register, Intel plans to bundle their disclosures together into quarterly updates, allowing the company to release security information at more regular intervals. This change will enable security researchers and system administrators to better plans how to update their systems or test future firmware or software mitigations.  

You can join the discussion on the Spectre 1.1 and 1.2 vulnerabilities that were found on Intel processors on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

11-07-2018, 10:57:24

Dawelio
I just love seeing how Intel, whom been the top dog for ages, now gets in the backside. These are things that should’ve been dealt with years ago.Quote

11-07-2018, 19:58:51

Kleptobot
Quote:
Originally Posted by Dawelio View Post
I just love seeing how Intel, whom been the top dog for ages, now gets in the backside. These are things that should’ve been dealt with years ago.
To say these exploits should have been dealt with years ago is a fairly naive statement.
The way these exploits function was not even thought possible until recently, they rely on complex interactions between systems that individually.

In other words hindsight's a bi#chQuote

11-07-2018, 20:38:40

Dawelio
Quote:
Originally Posted by Kleptobot View Post
To say these exploits should have been dealt with years ago is a fairly naive statement.
The way these exploits function was not even thought possible until recently, they rely on complex interactions between systems that individually.

In other words hindsight's a bi#ch
Why is it naive though? I’m not a fan boy at all, but Intel has been doing processors for decades. They’ve been designing them from the ground up and manufacturing them.

And yes, only recently have these exploits been ”revealed”. Then how come most exploits are affected on Intel CPUs and not as much on AMD (from what I’ve read so far anyway)?... As AMD’s Ryzen is a completely new architecture, hence Intel kept using almost the same for years.

So I don’t believe it’s hindsight, I’m pretty sure Intel was aware of this. Only like any other company, kept quiet about it untill it came to the surface. This isn’t anything new when it comes to business.

Not to mention Intel’s customer treatment, which in my eyes have been bad. Although not that I could care any less about this to be honest with you, since this stuff is way out of my knowledge.

So overall, in my opinion, they are getting what they deserve here.
And I’m glad I went AMD.Quote

11-07-2018, 20:44:14

NeverBackDown
It's naive because the flaws in the security is based on something that is inherently apart of the way CPUs are designed and have been for decades. So these flaws are being subjected to very specific attacks. Since they are both brand new exploits that will take years to fix and as we have seen before fixes reduce performance. So it's going to take a lot of engineering to get it right.Quote

11-07-2018, 20:50:31

Dawelio
Quote:
Originally Posted by NeverBackDown View Post
It's naive because the flaws in the security is based on something that is inherently apart of the way CPUs are designed and have been for decades. So these flaws are being subjected to very specific attacks. Since they are both brand new exploits that will take years to fix and as we have seen before fixes reduce performance. So it's going to take a lot of engineering to get it right.
I’m gonna be honest here, I did not understand what you just wrote mate ...Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.