Four new critical Spectre CPU vulnerabilities uncovered
The year 2018 started of with a security bang. The Meltdown and Spectre vulnerabilities in Intel and other CPUs shook the world. By end of April these were largely mitigated by software and hardware vendors. In early May news of new vulnerabilities were unearthed.
The news comes from the Online German IT publication Heise.de. According to their sources a total of eight new vulnerabilities will be announced immediately. Out of these "Spectre Next Generation" vulnerabilities four are said to be critical in nature. Currently only Intel processors are classed bulnerable, but the ARM CPU architecture is reportedly not immune to a similar attack.
The original three vulnerabilities (Meltdown, Spectre I, and Spectre II) opened up a can of worms. A whole new class of attack vectors was opened up, as security researchers as well as malicious hackers started searching for other vulnerabilities in core CPU capabilities. According to Heise.de one of these new vulnerabilities has been found by the Google Project Zero group.
The new vulnerabilities are not yet publicly disclosed, but it is likely that they will use similar approaches like Side Channel Attacks to exploit the vulnerability in CPU architectures' features like Speculative Execution. As before, information is already released to hardware and software vendors, with at least Microsoft reportedly readying a patch for Windows.
Exact timeline for publishing the vulnerabilities is said to be imminent. Some information might be uncovered in a matter of days, with the 7th of May being listed as a deadline for one of the issues.
After the disclosure is made, patching becomes a top priority as exploits for the vulnerabilities will likely spring up fast. We are already seeing similar activity in many cases, for example with the recent string of vulnerabilities in the Drupal CMS are exploited widely by botnets.
Source: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
Tweet