Articles about spectre

Spraying bugs with insecticide

Second wave of Spectre-like CPU security flaws won't be fixed for a while

The new bunch of Spectre-like flaws revealed last week won't be patched for at least 12 days. German outlet Heise, which broke news of the eight Spectre-like vulnerabilities last week has now reported that Intel wants disclosure of the flaws delayed until at least May 21. “Intel is now planning a coordinated release on May 21 …
Spectre logo jazzed up

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's …
Shaun Nichols, 3 May 2018
Flyswat

Oracle whips out the swatter, squishes 254 security bugs in its gear

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most …
Shaun Nichols, 19 Apr 2018

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!

Chrome the 66th is upon us and has added some features that Google previewed in months past. One is the September 2017 decision to stop trusting Symantec’s digital certificates, ending a long dispute over the way the security vendor managed its partners’ PKI activities before June 2016. Chrome 66 will warn visitors to sites …
Simon Sharwood, 18 Apr 2018
Facebook CEO Mark Zuckerberg

Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

RSA 2018 Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug. The Cryptographers' Panel, an annual tradition at the event, this year included Ronald Rivest of MIT and Adi Shamir of the …
Shaun Nichols, 17 Apr 2018
Spectre logo jazzed up

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a “stopped” status to Intel’s “production …

Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX

Intel’s shrugged off two new allegations of design flaws that enable side-channel attacks. One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily …
Simon Sharwood, 28 Mar 2018
inception_screengrab_648

We need to go deeper: Meltdown and Spectre flaws will force security further down the stack

Around 2003, a computer security portent that had been cheerlessly simmering away for years suddenly came to the boil. This was an era stricken by malware attacks on a scale few had prepared for, running software beset with flaws some vendors seemed disinclined to acknowledge let alone fix. Vulnerabilities, including high- …
John E Dunn, 26 Mar 2018
Shutterstock tools

Creaking Chromebooks getting Meltdown protection soon

Older Chromebook owners should keep an eye open for Chrome OS updates, because Google has announced they'll get Meltdown protection soon. The fix for the now-notorious speculative execution side-channel attack will arrive in Chrome OS 66. This went to the beta channel for Android last Friday (March 16). Older Chromebooks …
spectre

Intel: Our next chips won't have data leak flaws we told you totally not to worry about

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about. Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again. In …
John Leyden, 15 Mar 2018
Meltdown

Microsoft starts buying speculative execution exploits

Microsoft has created a new class of bug bounty specifically for speculative execution bugs like January's Meltdown and Spectre processor CPU design flaws. Noting that the Project Zero discoveries “represented a major advancement in the research in this field”, Redmond said the bounties will be available until 31 December 2018 …
Spectre graphic

Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips. Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get …
Shaun Nichols, 1 Mar 2018
Homer Simpson

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

Vid The Spectre design flaws in modern CPUs can be exploited to punch holes through the walls of Intel's SGX secure environments, researchers claim. SGX – short for Software Guard eXtensions – is a mechanism that normal applications can use to ring-fence sections of memory that not even the operating system nor a hypervisor can …
Three candles - suggesting performance graph

Intel gives Broadwells and Haswells their Meltdown medicine

Intel slipped out a new Microcode Update Guidance on Monday, revealing that lots of Haswell and Broadwell Xeons can now receive inoculations against the Meltdown and Spectre CPU design flaws. The new document (PDF) says Broadwell processors with CPUIDs 50662, 50663, 50664, 40671, 406F1, 306D4 and 40671 are ready for their …
Simon Sharwood, 28 Feb 2018
Evil Uncle Sam

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

Letters sent to the United States Congress by Intel and the other six companies in the Meltdown/Spectre disclosure cabal have revealed how and why they didn't inform the wider world about the dangerous chip design flaws. Republican members of the House Energy and Commerce Committee sent letters to the seven in January, to seek …
Simon Sharwood, 23 Feb 2018
Meltdown bug

OpenBSD releases Meltdown patch

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux kernel. A few days after the Meltdown/Spectre bugs emerged in January, OpenBSD's Phillip Guenther responded to user concerns with a post …
AMD underwater

Guess who else Spectre is haunting? Yes, it's AMD. Four class-action CPU flaw lawsuits filed

It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the chip vulnerabilities. At least four separate lawsuits have now been filed against the California-based processor slinger, alleging …
Shaun Nichols, 21 Feb 2018
Person hides face in shocked anticipation of something horrible. Photo via shutterstock

If at first you don't succeed, you're likely Intel: Second Spectre microcode fix emitted

Updated For the second time of asking, Intel has issued microcode updates to computer makers that it prays says will mitigate the Spectre variant two design flaw impacting generations of x86 CPUs spewed out over previous decades. Yep, old Chipzilla has turned up at the scene of the metaphorical IT industry earthquake with a dustpan …
Paul Kunert, 21 Feb 2018

Create a news alert about spectre, or find more stories about spectre.

Biting the hand that feeds IT © 1998–2018