Intel pays $100,000 bounty to discoverers of new Spectre variants
Security researcher Vladimir Kiriansky, together with Carl Waldspurger, discovered new variants of the Spectre attack and received $100,000 from Intel through the company's vulnerability bounty program.
The new flaws are sub-variants of Spectre Variant 1 (CVE-2017-5753), tracked as Spectre 1.1 (CVE-2018-3693) and Spectre 1.2. The more serious of the two is Spectre 1.1, described as a Bounds Check Bypass Store (BCBS) problem: where the original Variant 1 abused speculative out-of-bounds loads, this one abuses speculative out-of-bounds stores. Like a classic buffer overflow, a speculative out-of-bounds store can modify data and code pointers.
Data-value attacks can bypass some existing Spectre v1 mitigations, either directly or by redirecting control flow. Control-flow attacks allow arbitrary speculative code execution, which bypasses fence instructions and all other software mitigations for the earlier speculative-execution attacks, and the researchers note that building a Return-Oriented Programming (ROP) gadget chain to construct an alternative attack payload is easy. Spectre 1.2, according to the same research, affects CPUs that do not enforce read/write protection during speculative execution, allowing an attacker to overwrite read-only data and code pointers and so break out of a sandbox.
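The BCBS pattern above is easiest to see in code. The following is an added illustration written for this page, not code from the researchers' paper or from any affected product: a store guarded by a correct bounds check (the vulnerable shape), beside a hardened version that clamps the index with a branch-free mask of the kind the Linux kernel uses, so that even a store executed speculatively past a mispredicted check cannot leave the buffer. The function names, the 8-byte buffer and the canary bytes are all constructed for the example; the timing side channel itself is not reproduced here, since that depends on the specific microarchitecture.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Branch-free mask: all ones when idx < size, all zeros otherwise.
 * Same idea as the Linux kernel's array_index_mask_nospec(): because no
 * branch is involved, the result is correct even while the CPU is running
 * speculatively past a mispredicted bounds check. Assumes size <= SIZE_MAX/2. */
static inline size_t index_mask_nospec(size_t idx, size_t size) {
    /* top bit of (idx | (size-1-idx)) is set exactly when idx >= size */
    size_t out_of_range = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return out_of_range - 1;   /* 0 -> SIZE_MAX (keep idx), 1 -> 0 (clamp to 0) */
}

/* Index after masking: unchanged when in range, forced to 0 otherwise. */
size_t clamped_index(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Constructed illustration of the Spectre 1.1 / BCBS shape (hypothetical code,
 * not from the page): a correctly bounds-checked store. Architecturally it
 * never writes past c[len-1], but if the branch is mispredicted the store to
 * c[y] is executed speculatively for an attacker-chosen y, which is the
 * primitive the research describes. */
void store_bcbs(uint8_t *c, size_t len, size_t y, uint8_t z) {
    if (y < len)
        c[y] = z;
}

/* Hardened variant: the index is clamped with a branch-free mask before the
 * store, so a speculatively executed store still lands inside c[0..len-1].
 * (An lfence between the check and the store is the other common fix.) */
void store_masked(uint8_t *c, size_t len, size_t y, uint8_t z) {
    if (y < len) {
        y = clamped_index(y, len);
        c[y] = z;
    }
}

/* Self-check on architectural state: an 8-byte buffer followed by 8 canary
 * bytes (all 0xAA). Returns 1 when only buf[3] changed and the canary is intact. */
int selftest(void) {
    uint8_t buf[16];
    memset(buf, 0xAA, sizeof buf);
    store_masked(buf, 8, 3, 0x41);     /* in range: writes buf[3] */
    store_masked(buf, 8, 200, 0x41);   /* out of range: no store at all */
    store_bcbs(buf, 8, 200, 0x41);     /* out of range: no architectural store */
    for (size_t i = 0; i < sizeof buf; i++) {
        uint8_t expect = (i == 3) ? 0x41 : 0xAA;
        if (buf[i] != expect)
            return 0;
    }
    return 1;
}

int main(void) {
    printf("mask(3,8)=%#zx mask(8,8)=%#zx selftest=%s\n",
           index_mask_nospec(3, 8), index_mask_nospec(8, 8),
           selftest() ? "ok" : "FAIL");
    return 0;
}
```

The point of the masked version is that its safety does not rest on the branch outcome: if the CPU speculates past `y < len` with `y == 200`, the mask evaluates to zero and the speculative store hits `c[0]` rather than a return address or a code pointer further along the stack. The check that matters for review is therefore whether every bounds-checked store of attacker-controlled data has either this masking or a fence between the check and the store.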
Although the major vendors word their responses differently, the core message is the same. Both Intel and ARM have released white papers describing the new vulnerabilities.
Microsoft also updated its Spectre/Meltdown advisory on Tuesday to include information about CVE-2018-3693 and said: "Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as 'speculative execution side-channel attacks' that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors."
Oracle is also evaluating the impact of these vulnerabilities on its products and is committed to providing technical mitigations. According to Eric Maurice, Director of Oracle Security: "Please note that many industry experts expect that many new vulnerabilities exploiting these known deficiencies in modern processor designs will continue to be disclosed for the foreseeable future. These issues may primarily affect the operating system and virtualisation platforms and may require software updates, microcode updates, or both. Fortunately, the exploitation conditions for these problems are still similar: malicious exploitation requires the attacker first to obtain the permissions needed to install and execute malicious code against the target system."