Just after Intel announced the fuse on the processor in the past five years, after the Ghost's two major security loopholes have all been repaired, another researcher has released a new loophole.
According to the researchers, the new flaw called BranchScope has been confirmed on the Intel Sandy Bridge 2nd generation Core, Haswell 4th generation Core, and the 6th generation Core of Skylake, similar to the second variant of Ghost Vulnerability, and is also a branch prediction function involving CPU. You can use directional branch predictors to trick the CPU into accessing specially crafted data to launch an attack.
Now, we got the official response from Intel for this loophole.
Intel said that it has cooperated with relevant researchers and Confirming new vulnerabilities is similar to previously known side-channel attack vulnerabilities.
Intel expects Previously software protection measures against known side channel vulnerabilities, such as encryption algorithms, are equally valid for new vulnerability attacks.
In other words, the new loopholes in this exposure are indeed similar to those in the past, and they are similarly protected. Therefore, the impact will not be too great. We can all feel at ease.
The official Intel response is as follows:
We have collaborated with these researchers and have confirmed that the attacks described by them are similar to the previously known side-channel analysis loopholes.
We anticipate that software protection measures used for previously known side channel vulnerabilities, such as the use of cryptographic algorithms to defend against side channel attacks, are equally valid for the attack described in this paper.
We believe that close cooperation with researchers is one of the best ways to protect customers and their data. We appreciate the work of these researchers.
