Fresh fright of data-spilling Spectre CPU design flaws haunts Intel
Chipzilla checking fresh set of CVEs in chip side-channel flaw
Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips.
German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's processors.
"So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable," Jürgen Schmidt reported.
"Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent."
The report notes that Intel has been alerted as to the exploit methods, though Chipzilla isn't saying much on the matter right now.
"Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers," executive VP and general manager of product assurance and security Leslie Culbertson said in a statement to The Register.
"We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations."
The disclosure of new ways to leverage Spectre – which can be exploited by malicious software on a device or PC to extract passwords and other secrets from memory it shouldn't be allowed to access – should hardly come as a shock, given the nature of the deep design flaw and how difficult it is for chip designers to fully address. Seemingly every few weeks, brainiacs have found and written up new variants and points of entry related to the bug, and new variations will likely continue to be found until chipmakers can get redesigned processors to market later this year.
In the meantime, here are the lists of affected Intel, AMD, and Arm processor designs vulnerable to Spectre and its cousin Meltdown. Companies building this tech into their products, for example Qualcomm's use of Arm cores in its smartphone chips, and the tons of vendors of Arm-powered internet-of-things gear, are also affected. ®