Spectre Archives - Security Affairs

Pierluigi Paganini October 26, 2023

iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]

Pierluigi Paganini March 30, 2021

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks. In January 2018, White […]

Pierluigi Paganini March 05, 2019

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that […]

Pierluigi Paganini November 14, 2018

Boffins discovered seven new Meltdown and Spectre attacks

Researchers who devised the original Meltdown and Spectre attacks disclosed seven new variants that leverage on a technique known as transient execution. In January, white hackers from Google Project Zero disclosed the vulnerabilities that potentially impact all major CPUs, including the ones manufactured by AMD, ARM, and Intel. The expert devised two attacks dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could […]

Pierluigi Paganini July 27, 2018

NetSpectre is a remote Spectre attack that allows stealing data over the network

Researchers discovered a new variant of the Spectre attack, dubbed NetSpectre, that allows to steal data over the network from the target system. A group of researchers has devised a new variant of the Spectre attack, dubbed NetSpectre, that could allow an attacker to steal data over the network from the target system. NetSpectre is described as […]

Pierluigi Paganini July 24, 2018

SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer

Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by targeting the Return Stack Buffer (RSB). “rather than exploiting the […]

Pierluigi Paganini June 25, 2018

Oracle issued security patches for recently discovered Spectre and Meltdown issues

Last week Oracle started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown flaws. In May, tech giants Intel, AMD, ARM, IBM, Microsoft and other tech firms teamed to disclose two new variants of both Meltdown and Spectre issues. The so-called Variant 4 (CVE-2018-3639) relies on a Speculative Store Bypass (SSB), […]

Pierluigi Paganini May 22, 2018

Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

Yesterday AMD, ARM, IBM, Intel, Microsoft and other major tech firms released updates, mitigations and published security advisories for two new variants of Meltdown and Spectre attacks. Spectre and Meltdown made the headlines again, a few days after the disclosure of a new attack technique that allowed a group of researchers to recover data from the System […]

Pierluigi Paganini May 20, 2018

Experts propose a new variation of the Spectre attack to recover data from System Management Mode

Researchers from Eclypsium proposed a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode. Security experts from Eclypsium have devised a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode (SMM) (aka called ring -2). The SMM is an operating […]

Pierluigi Paganini May 05, 2018

Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws

A group of security researchers has reportedly discovered 8 new varieties of the Spectre vulnerabilities, dubbed Spectre-Next Generation or Spectre-NG, that affect Intel CPUs. A German security website reported that an unnamed team of researchers has discovered the new flaws that exploit the new issues reported in the original Spectre and Meltdown attacks. The new eight Spectre-NG vulnerabilities in Intel CPUs also affect some ARM […]

Spectre

iLeakage attack exploits Safari to steal data from Apple devices

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

Microsoft enabled Retpoline mitigations against the Spectre Variant 2 for Windows 10

Boffins discovered seven new Meltdown and Spectre attacks

NetSpectre is a remote Spectre attack that allows stealing data over the network

SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer

Oracle issued security patches for recently discovered Spectre and Meltdown issues

Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

Experts propose a new variation of the Spectre attack to recover data from System Management Mode

Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

QUICK LINKS

Spectre

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!