Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability

Spectre is back with a vengeance, experts warn

A variant of the dreaded Spectre vulnerability has been discovered, and even though it’s only made it to the proof-of-concept stage, the sheer promise of its destructive power warrants swift action.

Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices, and have dubbed it Branch History Injection (BHI).

It bypasses Intel’s eIBRS, as well as Arm’s CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits and kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, essentially leaking sensitive data, such as passwords.

AMD hardware unaffected this time

The list of affected chips is quite extensive: all of Intel’s processors from Haswell (2013) onwards (to Ice Lake-SP and Alder Lake) are reportedly affected, as well as various ARM chips (Cortex A15, A57, A72, Neoverse V1, N1, N2). So far, it’s been said that AMD chips are unaffected by the flaw.

This is also just a proof-of-concept vulnerability that’s already being mitigated by both affected companies, which means its use in the wild through malware should be relatively limited. Whether or not the upcoming patches will severely impact the endpoints’ performance, as was the case with early Spectre and Meltdown patches, remains to be seen.

Spectre and Meltdown are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.

A detailed breakdown of the vulnerability, and its exploit (which seems to be relatively more complex than its early-days predecessor), can be found at this link.

VUSec has published a YouTube video demonstrating how the flaw works, leaking a password in the process. You can find the video here.

Via: Tom’s Hardware

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
