Rechercher dans ce blog

Monday, May 3, 2021

Spectre comes back from the dead to haunt Intel chips - AppleInsider

chips.indah.link

Security researchers have found new versions of chip flaws affecting Intel and AMD processors that get around existing mitigations for Spectre attacks, resurrecting vulnerabilities that may affect Intel-based Macs.

In 2018, an Intel chip kernel flaw was found that allowed attackers to gain access to protected data, which could include passwords and application keys. While patches and mitigations were put in place to block the so-called "Spectre" attacks from happening, researchers have determined the efforts aren't enough to prevent the attacks entirely.

In a paper published by researchers from the University of Virginia and the University of California, at least three new versions of Spectre attacks have been found affecting micro-op caches in Intel and AMD processors.

Crucially, the three methods determined by the researchers get around previous Spectre defences that prevented such data leaks. This means current processors are vulnerable to the Spectre-like attacks, despite their anti-Spectre protections.

The researchers have already disclosed their research to Intel and AMD, reports Phoronix, but so far there have yet to be any kernel patches or microcode updates distributed by either side ahead of the public disclosure.

Part of the problem is that the fix may introduce a "much greater performance penalty" than previous mitigations. Example fixes include flushing the micro-op cache at domain crossings, or to instigate privelige level-based partitioning of caches.

While the disclosure is quite damning to Intel and AMD, the high difficulty of pulling off an attack makes it unlikely that it will affect many people at all. To do so, the malware would have to thread the needle of getting past all existing security measures included in operating systems, before even attempting to use any of the vulnerabilities in the first place.

At this time, it is unknown if the vulnerabilities affect Intel-based Macs, but it is likely that they are at a minimal risk of attack. With Apple's move to Apple Silicon and its home-grown architecture, new Macs aren't likely to be directly affected by the new discovery.

That being said, Apple did introduce fixes to combat Spectre and "Meltdown," another chip flaw discovered at the same time in 2018. Mitigations were issued in macOS, iOS, and tvOS, indicating Apple's A-series chips were also vulnerable at the time.

The Spectre headache was a long-running problem for Intel. More Spectre-style vulnerabilities were disclosed in a second wave in mid-2018.

An inevitable class-action lawsuit against Apple was attempted, claiming the company's handling of the vulnerabilities had slowed down A-series chip products. By January 2019, the case was dismissed for a lack of standing.

The Link Lonk


May 03, 2021 at 07:55PM
https://ift.tt/2Sm7n9Y

Spectre comes back from the dead to haunt Intel chips - AppleInsider

https://ift.tt/2RGyUAH
Chips

No comments:

Post a Comment

Featured Post

Intel Delays “Sapphire Rapids” Server Chips, Confirms HBM Memory Option - The Next Platform

chips.indah.link It is a relatively quiet International Supercomputing conference on the hardware front, with no new processors or switch ...

Popular Posts