Pierluigi Paganini March 05, 2019
Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks.  In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that […]

Pierluigi Paganini November 14, 2018
Boffins discovered seven new Meltdown and Spectre attacks

Researchers who devised the original Meltdown and Spectre attacks disclosed seven new variants that leverage on a technique known as transient execution. In January, white hackers from Google Project Zero disclosed the vulnerabilities that potentially impact all major CPUs, including the ones manufactured by AMD, ARM, and Intel. The expert devised two attacks dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could […]

Pierluigi Paganini July 11, 2018
Intel pays a $100K bug bounty for the new CPU Spectre 1.1 flaw

A team of researchers has discovered new variant of the famous Spectre attack (Spectre 1.1), and Intel has paid a $100,000 bug bounty as part of its bug bounty program. Intel has paid out a $100,000 bug bounty for new vulnerabilities that are related to the first variant of the Spectre attack (CVE-2017-5753), for this reason, […]

Pierluigi Paganini June 25, 2018
Oracle issued security patches for recently discovered Spectre and Meltdown issues

Last week Oracle started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown flaws. In May, tech giants Intel, AMD, ARM, IBM, Microsoft and other tech firms teamed to disclose two new variants of both Meltdown and Spectre issues. The so-called Variant 4 (CVE-2018-3639) relies on a Speculative Store Bypass (SSB), […]

Pierluigi Paganini May 22, 2018
Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

Yesterday AMD, ARM, IBM, Intel, Microsoft and other major tech firms released updates, mitigations and published security advisories for two new variants of Meltdown and Spectre attacks. Spectre and Meltdown made the headlines again, a few days after the disclosure of a new attack technique that allowed a group of researchers to recover data from the  System […]

Pierluigi Paganini May 09, 2018
May 2018 Android Security Bulletin includes additional Meltdown fix

Google releases additional Meltdown mitigations for Android as part of the May 2018 Android Security Bulletin. The tech giant also addresses flaws in NVIDIA and Qualcomm components. Both Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data. The Meltdown attack (CVE-2017-5754 vulnerability) could allow attackers to read the entire physical memory of the […]

Pierluigi Paganini May 05, 2018
Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws

A group of security researchers has reportedly discovered 8 new varieties of the Spectre vulnerabilities, dubbed Spectre-Next Generation or Spectre-NG, that affect Intel CPUs. A German security website reported that an unnamed team of researchers has discovered the new flaws that exploit the new issues reported in the original Spectre and Meltdown attacks. The new eight Spectre-NG vulnerabilities in Intel CPUs also affect some ARM […]

Pierluigi Paganini April 11, 2018
AMD and Microsoft release microcode and operating system updates against Spectre flaw

AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday. AMD and Microsoft released the microcode and security updates for Spectre vulnerabilities. The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive […]

Pierluigi Paganini March 27, 2018
BranchScope is a new side-channel attack method against Intel chip

  BranchScope is a new side-channel attack technique that like Meltdown and Spectre attacks can be exploited by an attacker to obtain sensitive information from vulnerable processors. A group of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University has discovered a new side-channel attack dubbed […]

Pierluigi Paganini March 22, 2018
Google is distributing more Meltdown and Spectre Patches for Chrome OS devices

Google announced that mitigations for devices with Intel processors that are affected by the Spectre and Meltdown vulnerabilities will be available for latest stable channel update for Google’s Chrome OS operating system. The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data. The Meltdown attack could allow attackers to read […]