Intel and AMD chips are under attack from a new generation of Spectre threats
Both companies acknowledge existence of new Spectre flaws
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
It seems as Spectre still hauntsIntelandAMDprocessors after cybersecurity researchers found new working speculative execution attacks.
To improve their performance, modern processors try to “guess” what tasks to do next. Speculative execution attacks abuse this mechanism to trick the computer into leaking private information, likepasswordsor other sensitive data, while it’s working ahead of time on the wrong guesses.
The most popular attack was called Spectre - first observed in early 2018, together with a sister vulnerability called Meltdown. At the time, it was said that most computers were vulnerable to Spectre and Meltdown, and the subsequent rush to fix the flaws made an even bigger mess, with some computers completely bricked as a result.
8BASE and Everest
Now, cybersecurity researchers Johannes Wikner and Kaveh Razavi from ETH Zurich claim that years after Spectre, there are multiple similar attacks that can work around existing defenses.
Among them are two methods that work on Linux, and affect a wide range of Intel processors (Intel’s 12th, 13th, and 14th chip generations for consumers, and 5th and 6th generation of Xeon processors for servers), and many AMD chips (Zen 1, Zen 1+, Zen 2).
The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, it was explained. IBP is pivotal in defending against speculative execution attacks.
In the meantime, the researchers notified both Intel and AMD of their findings, and both companies have acknowledged the existence of the vulnerabilities. In fact, both said they already discovered them and are working on a fix. Intel is tracking it as CVE-2023-38575, and AMD is tracking it as CVE-2022-23824. Intel fixed it with a firmware update released in March, but according to BleepingComputer, the fix has not yet reached alloperating systems.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ViaBleepingComputer
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Rising AI threats are making firms turn back to human intelligence
Thousands of employees could be falling victim to obvious phishing scams every month
Warhammer 40,000: Darktide is coming to PS5 with PS5 Pro support at launch