As the most serious computer hardware security flaw that has surfaced in recent years, extravagant attackers can use the processor’s Specter and Meltdown vulnerabilities to access protected memory information on your computer, such as browsing The password saved in the device, or e-mail and other privacy. The awkward part is that despite all the hardware and software manufacturers in the industry are trying to make patches, a new variant of the two security vulnerabilities attacks continue to emerge.
Intel, AMD and other hardware and software vendors introduced repair patches, but the performance of the computer caused a certain degree of adverse effects. Affected Intel said it promised to eliminate the vulnerability in subsequent CPUs.
However, a research team at Nvidia and Princeton University just disclosed two new methods for exploiting Meltdown and Specter vulnerabilities in a new report ( PDF ) called “MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols.”
It is reported that an attacker can make the CPU’s two cores hostile to each other to deceive the multi-core system to give up the cache data. The following is an excerpt from the summary of the study:
In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime — two variants of Meltdown and Spectre, respectively — can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.
…MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol.”
All in all, currently available patches and security updates may have addressed the issue of variant attacks. However, based on the latest status, Intel and AMD may want to consider adjusting their upcoming CPU hardware.
Source: TechSpot
