Notebookcheck

The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre

SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)
SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)
Since the research team who discovered the SplitSpectre attack used SpiderMonkey 52.7.4 — the JavaScript engine in Firefox — to target both Intel and AMD chips nobody seems to be safe anymore. The attack has been successfully carried out against Intel Haswell, Intel Skylake, and AMD Ryzen processors.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team!

Currently wanted: 
News Editor - Details here

The discovery of the Spectre attack and the patches that followed it are not that far in the past, but the ghostly bug is now returning in a slightly different form. According to a team that consists of three academics from Northeastern University and three researchers from IBM Research, a new variation of the Spectre vulnerability can be exploited using browser-based code.

Just like its predecessor, the SplitSpectre vulnerability (more details can be found in this research document) is a design flaw in the microarchitecture of contemporary processors and can be exploited via speculative execution. The main difference is the actual attack method, which now involves a sequence of malicious code that can be run within the attacker's source instead of the target's kernel. This way, the entire procedure is simplified (click here for a detailed figure showing the original and improved attacks). 

The research team successfully carried out the aforementioned attack via SpiderMonkey 52.7.4 — Firefox's JavaScript engine — against AMD Ryzen, Intel Haswell, and Intel Skylake processors. 

That might sound scary, but — thankfully — the systems that have been immunized against the original Spectre attack cannot be affected by its sibling, either. However, those who failed to install the updates can be successfully targeted using the SplitSpectre attack. After all, the original research team who discovered the initial Meltdown and Spectre attacks have published last month no less than seven variations and it was not such a big deal.

The final lesson? Always keep your software up to date, of course.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 12 > The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre
Codrut Nistor, 2018-12- 4 (Update: 2018-12- 4)
Codrut Nistor
Codrut Nistor - News Editor
Although I have been writing about new software and hardware for almost a decade, I consider myself to be old school. I always enjoy listening to music on CD or tape instead of digital files and I will not even get into the touchscreen vs physical keys debate. However, I also enjoy new technology, as I now have the chance to take a look at the future every day. I joined the Notebookcheck crew back in 2013 and I have no plans to leave the ship anytime soon.