*

Translations for our friends around the world.

« previous next »
Pages: [1]   Go Down

Author Topic: Intel Procs Again hit By Massive Vulnerability (called Spoiler)  (Read 2758 times)

0 Members and 1 Guest are viewing this topic.

Offline Asid

  • HAVOC
  • *
  • Posts: 26287
Intel Procs Again hit By Massive Vulnerability (called Spoiler)
« on: March 06, 2019, 12:47:32 PM »
Intel Procs Again hit By Massive Vulnerability (called Spoiler)



From Guru3d
05/03/19

Yeah, not exactly the most fun pun, but this is a spoiler alert. The vulnerability was given the name Spoiler and was discovered by the Worcester Polytechnic Institute and the University of Lübeck. it involves a leak in page mapping of working memory, making other attacks much easier to perform.

To perform tasks faster, speculative execution is applied to processes in working memory. In this case, data from the working memory is already cached in advance with so-called load and store instructions. However, if a physical memory address does not exist, data leaks away over the timing - the time it took to reach a physical memory address. The researchers mention , Rowhammer, cache and javascript attacks can be executed in merely seconds.

    -- The Register --

    This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.

    Speculative execution, the practice of allowing processors to perform future work that may or may not be needed while they await the completion of other computations, is what enabled the Spectre vulnerabilities revealed early last year.

    In a research paper distributed this month through pre-print service ArXiv, "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks," computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.

Intel has was notified of the problem on December 1st. According to the researchers, a solution via a software update is virtually impossible and can only be remedied with an adjustment in architecture. If this is done, it will undoubtedly lead to lower performance. Whether there is a solution is very doubtful.

Arm and AMD processors are not vulnerable to this attack.


Original article


Logged
funny
0
informative
0
Thanks
0
No reactions
No reactions
No reactions

I stand against Racism, Bigotry and Bullying
Pages: [1]   Go Up
« previous next »
Tags:
     

    Intel Graphics Xᵉ Teaser video

    Started by Asid

    		 Replies: 0
    Views: 1946     		Last post February 25, 2019, 10:54:54 AM
    by Asid
    Massive US Army Helicopters "Invasion": World Record for OH-58 Kiowa Last Flight

    Started by Lumituisku

    		 Replies: 4
    Views: 3536     		Last post May 01, 2016, 07:27:15 PM
    by Lumituisku
    How to be called a bot in WoWs

    Started by Longknife

    		 Replies: 1
    Views: 2285     		Last post January 04, 2017, 09:13:13 PM
    by Rinix
    On the movie USS Indianapolis ==spoilers==

    Started by Don_prince

    		 Replies: 10
    Views: 6894     		Last post September 14, 2016, 09:18:34 PM
    by Longknife
    Massive Korea & U.S. Marines Amphibious Beach Landing

    Started by Asid

    		 Replies: 0
    Views: 2902     		Last post June 20, 2016, 07:11:46 PM
    by Asid