Multiple new Meltdown and Spectre attacks that impact CPUs built by AMD, ARM and Intel have been discovered. In total, seven new attacks have been discovered, out of which, two are Meltdown variants and the rest are variants of the Spectre attack. hese new attacks could allow cybercriminals to access CPU memory, thus stealing information pertaining to programs and the operating system. A team of nine academics demonstrated the new attacks in their latest research paper titled, "A Systematic Evaluation of Transient Execution Attacks and Defenses".
The researchers said that they found these new vulnerabilities while performing “a sound and extensible systematization of transient execution attacks" on the CPUs.
The first Meltdown attack emerged in January this year. Since then, several new variants have been found by researchers. Foreshadow (or L1TF), Variant 1.2, Variant 3a and LazyFP are some of the variants discovered over the past few months.
Meltdown-BR - exploits an x86 bound instruction on Intel and AMD.
Meltdown-PK - bypasses memory protection keys on Intel CPUs.
Just like Meltdown, the Spectre flaw was also discovered during the same time. Spectre NG, SpectreRSB, and NetSpectre are some of the variants discovered over the last few months. Researchers conducted an extensive investigation to understand how these Spectre attack variants worked and which part of the CPU’s internal architecture was affected. Based on the research, they found three new Spectre attacks that exploit the Pattern History Table mechanism and two other Spectre attacks that abuse the Branch Target Buffer.
The research team has notified the three CPU vendors about the new Spectre and Meltdown attacks. However, Intel has dismissed the researchers statement on deploying of mitigation process.
If you have any queries,please do not hesitate to contact us: hello@stravatechnologies.in