The ripples created by Specter’s widespread vulnerability, which affected many processors and devices in 2018, are still being felt today. Security researchers have discovered several new variants of the shortcoming that, while difficult to implement, would be difficult to mitigate.. The three new types of potential attacks on Specter affect all modern AMD and Intel processors with micro-operational caches, according to a new article by academics from the University of Virginia and the University of California, San Diego. To make matters worse, none of the existing mitigating ghosts can protect against attacks that use the new options.
Before going public with the information, researchers warned Intel and AMD about the feats that could potentially allow hackers to steal data from a machine, reports Phoronics. But so far no microcode updates or OS fixes have been released and it may just stay that way. This is because the nature of the attacks and their mitigations are confused and come with a big warning.
According to Tom hardware,, the danger can be limited to direct attacks, as exploiting vulnerabilities in the micro-ops cache is extremely difficult. In essence, malware will have to circumvent all other software and hardware security measures that modern systems have.
For processor manufacturers, one of the biggest concerns will be the performance-limiting measures outlined by researchers, including flushing the micro-operations cache when crossing domains or splitting caches at the privilege level. The newspaper̵
The first of a trio of possible exploits is the same interdomain attack thread that leaks secrets across the user’s core. A separate option relies on a cross-SMT thread attack, which transmits secrets through two SMT threads via the micro-op cache. The document also describes “transitional execution attacks” that can be used “to leak an unauthorized secret that is accessed in an erroneously speculated way, even before the transitional instruction is sent for execution.”
All products recommended by Engadget are selected by our editorial team, regardless of our parent company. Some of our stories involve partnerships. If you purchase something through one of these links, we can earn a partner commission.