Intel Procs Again hit By Massive Vulnerability (called Spoiler)From Guru3d
05/03/19
Yeah, not exactly the most fun pun, but this is a spoiler alert. The vulnerability was given the name Spoiler and was discovered by the Worcester Polytechnic Institute and the University of Lbeck. it involves a leak in page mapping of working memory, making other attacks much easier to perform.
To perform tasks faster, speculative execution is applied to processes in working memory. In this case, data from the working memory is already cached in advance with so-called load and store instructions. However, if a physical memory address does not exist, data leaks away over the timing - the time it took to reach a physical memory address. The researchers mention , Rowhammer, cache and javascript attacks can be executed in merely seconds.
-- The Register --
This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot...
Read More