Spectre and Meltdown, two critical vulnerabilities affecting processors designed over the past two decades, were disclosed early this year. Chip designers like Intel and software developers like Microsoft, Apple and Google scrambled to issue fixes for their products. Now, two new variants of Spectre-class vulnerabilities have come to light.
Security researchers have revealed details of two new Spectre-class vulnerabilities called ‘Spectre 1.1’ and ‘Spectre 1.2’. Just like all the previous Spectre and Meltdown vulnerabilities, these two exploit speculative execution, a feature found in all modern CPUs that improves performance by computing operations in advance. The processor guesses what will be needed next and later discards any results that turn out to be unneeded.
According to the researchers, the Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store buffers in order to write and run malicious code. This allows an attacker to retrieve data from previously protected CPU memory sections. The vulnerability is very similar to Spectre variants 1 and 4, and the researchers who discovered the bug say “currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1.”
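As an added illustration (not code from the article or from the researchers' paper), here is the shape of a bounds-checked store that Spectre 1.1 targets, beside the branchless index-masking idiom that keeps even a mispredicted store inside the buffer. The function names are assumed, and masking is the same site-by-site software technique used against Spectre variant 1 loads, which is why it hardens one store rather than detecting the pattern generically as the researchers note.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: an ordinary bounds-checked store. Architecturally
   it is correct, but while the branch on `idx < len` is still being
   resolved the CPU may speculatively execute the store with an
   out-of-bounds idx; that transient write is what Spectre 1.1 abuses. */
static void store_checked(uint8_t *buf, size_t len, size_t idx, uint8_t val)
{
    if (idx < len)
        buf[idx] = val;
}

/* Branchless mask: all ones when idx < len, all zeros otherwise.
   Computed with arithmetic instead of a predicted branch, so the
   speculative path sees the same value as the architectural path.
   Same construction as the Linux kernel's generic array_index_mask_nospec;
   assumes len has its top bit clear and that >> on a negative intptr_t
   is an arithmetic shift (true on mainstream compilers). */
static inline size_t index_mask(size_t idx, size_t len)
{
    return (size_t)(~(intptr_t)(idx | (len - 1 - idx))
                    >> (sizeof(size_t) * 8 - 1));
}

/* Hardened store: on a mispredicted path idx collapses to 0, so the
   transient write stays inside buf instead of reaching past its end. */
static void store_hardened(uint8_t *buf, size_t len, size_t idx, uint8_t val)
{
    if (idx < len) {
        idx &= index_mask(idx, len);
        buf[idx] = val;
    }
}

/* Checking helper: writes val at idx through the hardened path into a
   zeroed 16-byte buffer and returns the byte found at `probe`. */
static int hardened_write_then_read(size_t idx, uint8_t val, size_t probe)
{
    uint8_t buf[16];
    memset(buf, 0, sizeof buf);
    store_hardened(buf, sizeof buf, idx, val);
    return probe < sizeof buf ? buf[probe] : -1;
}
```

Note that a test can only observe architectural behaviour; the point of the mask is what happens on the speculative path, which no assertion can see.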
The researchers say that Spectre 1.2 can be exploited to write to CPU memory sections that are normally protected by read-only flags. “As a result [of malicious Spectre 1.2 writes], sandboxing that depends on hardware enforcement of read-only memory is rendered ineffective,” the researchers said in their findings. To be exploited, both vulnerabilities require the presence of malicious code on the user’s PC. This is the same constraint as in previous versions of Meltdown and Spectre, where the code responsible for running the attack must already be on the target device, and it somewhat limits how widely these bugs can be exploited.
Bleeping Computer reports that Intel and ARM have publicly acknowledged that some of their CPUs are vulnerable to Spectre 1.1. AMD has not confirmed whether its processors are vulnerable, and the company has been slow to detail security issues. However, it is safe to assume that AMD processors are also affected by these newly discovered Spectre-class vulnerabilities.
The researchers have not disclosed which CPUs are affected by the Spectre 1.2 vulnerability, and at this moment no patches are available for either of the two bugs. Microsoft, Oracle and Red Hat have confirmed that they are investigating whether Spectre 1.1 affects data handled by their products and are planning to mitigate the risk at the software level.
It is also not clear whether patches for Spectre 1.1 will further slow down processors designed by Intel. The two researchers have suggested three hardware-based mitigations for preventing Spectre 1.1 attacks and one for Spectre 1.2. Intel has confirmed that next-generation Core CPUs will have protection against Meltdown and Spectre at the hardware level.