Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Intel has confirmed that their processors are affected by two new Spectre-class vulnerabilities, both of which are related to Spectre variant 1. These bugs, which are now known as Spectre 1.1 and 1.2 or CVE-2018-3693, can deliver code that can overflow a processors store cache and retrieve data from what should be secured sections of memory. 

These vulnerabilities were uncovered by Vladimir Kiriansky and Carl Waldspurger, who have received $100,000 from Intel as part of their bug bounty program. This payment proves the legitimacy of these issues, with Vladimir Kiriansky and Carl Waldspurger co-publishing a report on their findings, which is available to read here. 

In their report, it was confirmed that Spectre 1.1 affected both ARM and Intel x86 processors. At this time the vulnerabilities affect on AMD processors have not been verified. Proof-of-concept code has been provided to AMD, Google, IBM and Microsoft for additional verification and the development of software mitigations.  

Both of these bugs require the use of malicious code to operate, minimising the potential impact of the vulnerability, though at this time mitigations for both bugs are not available. 

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors  

According to a report from The Register, Intel plans to bundle their disclosures together into quarterly updates, allowing the company to release security information at more regular intervals. This change will enable security researchers and system administrators to better plans how to update their systems or test future firmware or software mitigations.  

You can join the discussion on the Spectre 1.1 and 1.2 vulnerabilities that were found on Intel processors on the OC3D Forums.