Meltdown fuses, Spectre ghost two major security vulnerabilities were discovered, the vulnerability of the Intel processor began to appear, especially the ghost vulnerability variants.
just now, Vladimir Kiriansky from MIT, Carl Waldspurger, a consulting firm, and a security researcher on the Intel processor discovered a new variant of Ghost Vulnerability, called Spectre v1.1, security number CVE-2018-3693.
The new vulnerability is similar to other variants of the ghost. It also utilizes the predictive execution engine on the Intel processor to initiate a boundary check bypass storage (BCBS) attack.
On an infected machine, a malicious program can change the function pointer, return the address in the predictive execution engine, and redirect the data stream to the unprotected memory address space so that the malware can be read and used at any time.
The data stream here can be any type of data, including encryption keys, passwords, etc. Personal privacy.
The researchers also pointed out the Spectre v1.2 vulnerability variant. On processors that don't enforce read-write protection, predictive storage can override system data and code pointers to break the sandbox.
Intel has verified Specre v1.1, v1.2 on its processor and will resolve it in the quarterly patch set push.
In accordance with Intel’s vulnerability award policy, Vladimir Kiriansky, Carl Waldspurger is expected to receive a $100,000 prize.
Looking at this situation, there will definitely be new ghost vulnerabilities in the future that will attack Intel processors, but since the basic principles are similar, the fix will be faster.
