Notebookcheck

The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre

SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)
Since the research team that discovered the SplitSpectre attack used SpiderMonkey 52.7.4 — the JavaScript engine in Firefox — to target both Intel and AMD chips, nobody seems to be safe anymore. The attack has been successfully carried out against Intel Haswell, Intel Skylake, and AMD Ryzen processors.
Codrut Nistor

The discovery of the Spectre attack and the patches that followed it are not that far in the past, but the ghostly bug is now returning in a slightly different form. According to a team that consists of three academics from Northeastern University and three researchers from IBM Research, a new variation of the Spectre vulnerability can be exploited using browser-based code.

Just like its predecessor, the SplitSpectre vulnerability (more details can be found in this research document) is a design flaw in the microarchitecture of contemporary processors and can be exploited via speculative execution. The main difference is the actual attack method, which now involves a sequence of malicious code that can be run within the attacker's source instead of the target's kernel. This way, the entire procedure is simplified (click here for a detailed figure showing the original and improved attacks). 

The research team successfully carried out the aforementioned attack via SpiderMonkey 52.7.4 — Firefox's JavaScript engine — against AMD Ryzen, Intel Haswell, and Intel Skylake processors. 

That might sound scary, but — thankfully — the systems that have been immunized against the original Spectre attack cannot be affected by its sibling, either. However, those who failed to install the updates can be successfully targeted using the SplitSpectre attack. After all, the original research team that discovered the initial Meltdown and Spectre attacks published no fewer than seven variations last month, and it was not such a big deal.

The final lesson? Always keep your software up to date, of course.

Codrut Nistor, 2018-12-04 (Update: 2018-12-04)