Spectre NG Flaws Reportedly Found in Intel Chips

  /     /     /  
Publicated : 22/11/2024   Category : security


Spectre NG Flaws Reportedly Found in Intel Chips


A German magazine is reporting that ’Spectre Next Generation’ vulnerabilities have been found in Intels x86 processors, although full details are not being released yet.



Get ready for a new generation of Spectre vulnerabilities to appear in x86 chips.
On May 3,
German magazine ct published a report
that claims researchers have found eight new security flaws in Intel processors that are being tentatively called Spectre Next Generation or Spectre NG.
Several teams of security researchers have reported the new Spectre-like vulnerabilities to Intel, although the technical details of these flaws are being withheld right now, according to the report. The story also claims that Intel is working on patches to address these new sets of hardware issues.
Once again, it appears that Google Project Zero, the search companys security division, has been aware of at least one of these flaws. The Google team alerted Intel to the Spectre and Meltdown side-channel vulnerabilities in 2017, before additional details were released by university researchers in January. (See
Meltdown & Spectre News Gets Worse – & Better
.)
(Source:
iStock
)
In addition to Intel, ct reports that these flaws could also affect AMD and ARM processors as well.
While the technical details are being withheld to give the companies involved time to respond and issue patches and fixes, the magazine reported that the Spectre NG flaws work in the same manner as the original Spectre and Meltdown vulnerabilities.
The new set of flaws were discovered through the
Common Vulnerability Enumerator
(CVE), which is an industry repository of known cybersecurity vulnerabilities that contains identification numbers, descriptions and public references. Intel appears to have labeled at least four of the next-generation flaws as high-risk. The other four are deemed moderate.
It is also likely, according to the report, that each of the eight vulnerabilities will require their own patch.
For its part, Intel is remaining quiet about the report, although a note published on the companys website on Thursday seems to hint that the chip maker is aware of new vulnerabilities and is working to fix the issues.
We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers,
according to Intels post
. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.
The fundamentals of network security are being redefined -- dont get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual
Big Communications Event
. Theres still time to register and communications service providers get in free!
When the original Spectre and Meltdown flaws were disclosed at the beginning of this year, researchers reported that by manipulating pre-executed commands within x86 chips, which help make data available faster, hackers can gain access to the content of the kernel memory. The security issue is that this flaw can allow a hacker to gain access to encryption keys and other authentication details of whatever system the CPU is running in.
Since that time, Intel has been issuing patches and promising to do a better job of alerting the community to security flaws, although the company recently admitted that some chips will never get Spectre and Meltdown fixes. (See
Intel Will Leave Some Chips Without Spectre Patch
.)
What makes the original Spectre and Meltdown particularly tricky to fix is the fact there are variations to each flaw. Specifically, Spectre has two different issues called Variant 1 and Variant 2. In the case of Variant 2, the flaw is the harder one to exploit by attackers but also the more difficult to fix. (See
5 New Network Attack Techniques That Will Keep You Awake at Night
.)
Related posts:
In Wake of Spectre & Meltdown, Intel Shifts Memory Scanning to GPU
Microsofts Brad Smith: 2017 Was a Cybersecurity Wake-Up Call
Intel, OEMs Push Out More Spectre Microcode Patches
Intels SGX Vulnerable to Spectre-Like Flaw
— Scott Ferguson is the managing editor of Light Reading and the editor of
Security Now
. Follow him on Twitter
@sferguson_LR
.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Spectre NG Flaws Reportedly Found in Intel Chips