October 29, 2024 at 02:33AM Research from ETH Zürich reveals that AMD and Intel processors remain vulnerable to speculative execution attacks, despite previous mitigations. A microcode bug allows attackers to bypass the Indirect Branch Predictor Barrier (IBPB), enabling unauthorized memory leaks. Intel has issued patches, while AMD tracks its variant of the vulnerability. **Meeting Takeaways … Read more
October 18, 2024 at 10:49AM Recent research reveals new speculative execution vulnerabilities in Intel’s 12th-14th gen processors and AMD’s Zen 1-2 chips, bypassing existing Spectre mitigations. Attacks exploit flaws in the Indirect Branch Predictor Barrier, allowing sensitive data leaks. Intel and AMD are aware and addressing these issues, with ongoing patch development for Linux. ### … Read more
July 3, 2024 at 10:33AM Researchers at UCSD have developed a new method, called “Indirector,” to execute Spectre-like side channel attacks on high-end Intel CPUs. This technique exploits the speculative execution feature to redirect a program’s control flow, potentially leaking sensitive data. The attack works on various generations of Intel CPUs and poses challenges for … Read more
July 2, 2024 at 07:07AM Modern Intel CPUs like Raptor Lake and Alder Lake are vulnerable to a new side-channel attack named “Indirector.” The attack exploits weaknesses in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to leak sensitive information. Mitigations include using Indirect Branch Predictor Barrier (IBPB) more aggressively and hardening the Branch … Read more
July 1, 2024 at 01:40PM New BTI attack called Indirector targets modern Intel CPUs, specifically Raptor Lake and Alder Lake generations. It exploits flaws in Indirect Branch Predictor and Branch Target Buffer to manipulate speculative execution, enabling data extraction. Researchers at UC San Diego discovered and presented the attack, proposing mitigations like IBPB and BPU … Read more
June 18, 2024 at 12:36PM Researchers have uncovered a new speculative execution attack targeting Arm CPUs’ Memory Tagging Extension (MTE), bypassing security measures. The attack, discovered by a team from Seoul National University, Samsung Research, and Georgia Tech, allows exploitation of memory corruption vulnerabilities for various malicious purposes. The researchers demonstrated its success against Chrome … Read more
June 16, 2024 at 10:14PM The TIKTAG attack exploits ARM’s Memory Tagging Extension (MTE) to leak data with over 95% success. Researchers from Samsung, Seoul National University, and Georgia Tech demonstrated the attack against Google Chrome and the Linux kernel. MTE, designed to prevent memory corruption, is susceptible to TIKTAG-v1 and TIKTAG-v2 gadgets. Mitigations are … Read more
April 10, 2024 at 01:24PM Researchers have developed the first native Spectre v2 exploit, affecting Linux systems on modern Intel processors. The discovery highlights the ongoing challenge of balancing performance optimization with security. Spectre V2 leverages speculative execution, leaving traces of sensitive data in CPU caches, and introduces security risks. Various entities are responding with … Read more
March 25, 2024 at 10:36AM Researchers have delved further into the GoFetch vulnerability affecting Apple M-series and Intel Raptor Lake CPUs. Exploiting data memory-dependent prefetchers, the exploit leaks core-cached data, posing a threat for hackers. While patches are possible for M3 and Raptor Lake CPUs, the M1 and M2 chips face challenges due to the … Read more
March 15, 2024 at 02:03PM A group of researchers has discovered a new data leakage attack called GhostRace (CVE-2024-2193), a variation of the spectre v1 vulnerability, impacting modern CPU architectures. This exploit allows unauthenticated attackers to extract sensitive data from the processor by accessing speculative executable code paths. Both AMD and Xen have provided solutions … Read more