Meltdown Archives - Security Affairs

Pierluigi Paganini March 05, 2019

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that […]

Pierluigi Paganini November 14, 2018

Boffins discovered seven new Meltdown and Spectre attacks

Researchers who devised the original Meltdown and Spectre attacks disclosed seven new variants that leverage on a technique known as transient execution. In January, white hackers from Google Project Zero disclosed the vulnerabilities that potentially impact all major CPUs, including the ones manufactured by AMD, ARM, and Intel. The expert devised two attacks dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could […]

Pierluigi Paganini July 11, 2018

Intel pays a $100K bug bounty for the new CPU Spectre 1.1 flaw

A team of researchers has discovered new variant of the famous Spectre attack (Spectre 1.1), and Intel has paid a $100,000 bug bounty as part of its bug bounty program. Intel has paid out a $100,000 bug bounty for new vulnerabilities that are related to the first variant of the Spectre attack (CVE-2017-5753), for this reason, […]

Pierluigi Paganini June 25, 2018

Oracle issued security patches for recently discovered Spectre and Meltdown issues

Last week Oracle started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown flaws. In May, tech giants Intel, AMD, ARM, IBM, Microsoft and other tech firms teamed to disclose two new variants of both Meltdown and Spectre issues. The so-called Variant 4 (CVE-2018-3639) relies on a Speculative Store Bypass (SSB), […]

Pierluigi Paganini May 22, 2018

Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

Yesterday AMD, ARM, IBM, Intel, Microsoft and other major tech firms released updates, mitigations and published security advisories for two new variants of Meltdown and Spectre attacks. Spectre and Meltdown made the headlines again, a few days after the disclosure of a new attack technique that allowed a group of researchers to recover data from the System […]

Pierluigi Paganini May 09, 2018

May 2018 Android Security Bulletin includes additional Meltdown fix

Google releases additional Meltdown mitigations for Android as part of the May 2018 Android Security Bulletin. The tech giant also addresses flaws in NVIDIA and Qualcomm components. Both Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data. The Meltdown attack (CVE-2017-5754 vulnerability) could allow attackers to read the entire physical memory of the […]

Pierluigi Paganini May 05, 2018

Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws

A group of security researchers has reportedly discovered 8 new varieties of the Spectre vulnerabilities, dubbed Spectre-Next Generation or Spectre-NG, that affect Intel CPUs. A German security website reported that an unnamed team of researchers has discovered the new flaws that exploit the new issues reported in the original Spectre and Meltdown attacks. The new eight Spectre-NG vulnerabilities in Intel CPUs also affect some ARM […]

Pierluigi Paganini April 11, 2018

AMD and Microsoft release microcode and operating system updates against Spectre flaw

AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday. AMD and Microsoft released the microcode and security updates for Spectre vulnerabilities. The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive […]

Pierluigi Paganini March 27, 2018

BranchScope is a new side-channel attack method against Intel chip

BranchScope is a new side-channel attack technique that like Meltdown and Spectre attacks can be exploited by an attacker to obtain sensitive information from vulnerable processors. A group of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University has discovered a new side-channel attack dubbed […]

Pierluigi Paganini March 22, 2018

Google is distributing more Meltdown and Spectre Patches for Chrome OS devices

Google announced that mitigations for devices with Intel processors that are affected by the Spectre and Meltdown vulnerabilities will be available for latest stable channel update for Google’s Chrome OS operating system. The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data. The Meltdown attack could allow attackers to read […]

Meltdown

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Boffins discovered seven new Meltdown and Spectre attacks

Intel pays a $100K bug bounty for the new CPU Spectre 1.1 flaw

Oracle issued security patches for recently discovered Spectre and Meltdown issues

Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

May 2018 Android Security Bulletin includes additional Meltdown fix

Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws

AMD and Microsoft release microcode and operating system updates against Spectre flaw

BranchScope is a new side-channel attack method against Intel chip

Google is distributing more Meltdown and Spectre Patches for Chrome OS devices

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

Hackers deploy fake SonicWall VPN App to steal corporate credentials

QUICK LINKS

Meltdown

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!