Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors

Intel has confirmed that their processors are affected by two new Spectre-class vulnerabilities, both of which are related to Spectre variant 1. These bugs, which are now known as Spectre 1.1 and 1.2 or CVE-2018-3693, can deliver code that can overflow a processors store cache and retrieve data from what should be secured sections of memory. 

These vulnerabilities were uncovered by Vladimir Kiriansky and Carl Waldspurger, who have received $100,000 from Intel as part of their bug bounty program. This payment proves the legitimacy of these issues, with Vladimir Kiriansky and Carl Waldspurger co-publishing a report on their findings, which is available to read here

In their report, it was confirmed that Spectre 1.1 affected both ARM and Intel x86 processors. At this time the vulnerabilities affect on AMD processors have not been verified. Proof-of-concept code has been provided to AMD, Google, IBM and Microsoft for additional verification and the development of software mitigations.  

Both of these bugs require the use of malicious code to operate, minimising the potential impact of the vulnerability, though at this time mitigations for both bugs are not available. 

Spectre 1.1 and 1.2 vulnerabilities discovered on Intel processors  

According to a report from The Register, Intel plans to bundle their disclosures together into quarterly updates, allowing the company to release security information at more regular intervals. This change will enable security researchers and system administrators to better plans how to update their systems or test future firmware or software mitigations.  

You can join the discussion on the Spectre 1.1 and 1.2 vulnerabilities that were found on Intel processors on the OC3D Forums

Uh-oh! It looks like you're using an ad blocker.

OC3D relies on ads to provide free content and sustain our operations. By white listing us on your ad blocker, you help support us and ensure we can continue offering valuable content without any cost to you. We only run our own hand picked ads from Industry brands like MSI, BeQuiet, Sapphire and PC-Specialist - meaning they are all relevent to the content you are reading.

We truly appreciate your understanding and support. Thank you for considering whitelisting OC3D