Researchers Reveal Variant 4 of Spectre Vulnerability

spectre-vulnerabilityBy Hilbert Hagedoorn @ Guru3D

As discussed a few weeks ago, a new Spectre vulnerability has been shared and made public today. Earlier on it was reported that there are eight new vulnerabilities, grouped and named as Spectre-ng, of which four are critical. Today the Store Bypass (SSB) vulnerability has been published and effects Intel, AMD and ARM.

Researchers from Microsoft and Googles Project Zero now published information about one of the vulnerabilities, the so-called fourth variant Spectre vulnerability, which can cause security issues. A new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639. Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries. Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.

In the case of Just-in-Time (JIT) compilers, such as JavaScript JIT employed by modern web browsers, it may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of speculative Store Bypass (SSB). However, Microsoft Edge, Chrome and other major browsers have taken steps to increase the difficulty of successfully creating a side channel. So with your latest Chrome, you should be fine and thus safe.

There are now four (published) variants of the Spectre vulnerability that can be used to read memory in processors that is not intended for that application, and thus can be abused.

Read more…