Spectre is a pair of hardware vulnerabilities in some microprocessors which abuse "speculative execution." It is a set of variants of the Meltdown vulnerability.[1] The first is "bounds check bypass" (CVE-2017-5753); the second and more serious is "branch target injection" (CVE-2017-5715).
This pair of vulnerabilities was reported by two different people, Jann Horn (Google Project Zero) and Paul Kocher (in collaboration with Daniel Genkin [University of Pennsylvania and University of Maryland], Mike Hamburg [Rambus], Moritz Lipp [Graz University of Technology], and Yuval Yarom [University of Adelaide and Data61]).
With the push for electronics to operate at ever greater speeds, processors have begun using "speculative execution," in which they begin computing expected tasks before the tasks have actually been assigned. Once the work has started, the processor determines whether the expected branch of tasks was correct or not. If the tasks were predicted properly, time is saved in the operation. If not, the branch must be disregarded and the processor must start over, working on the tasks which were actually needed. Although this may sound inefficient, predictions are often correct, so the management agent is able to complete many tasks more quickly.[1] Alternatively, multiple logic paths can sometimes be followed simultaneously, so that some progress is made regardless of which branch is needed.
Unfortunately, these methods can be abused using the out-of-order processing of this "speculative execution," so that the processor will predict branch paths which should never actually exist. In so doing, software can create a side channel which leaks the victim's confidential information to the attacker. By using "side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim’s process," sensitive information can be stolen.[1]
Fortunately for most computer users, Spectre can only be exploited by malicious software running locally on the victim machine. In most cases, there are likely to be more efficient attack methods for an already infected device. However, Spectre could theoretically be used to leak information from one virtual machine to another, or allow a VM to learn secured information from the host device. This attack is therefore considered to be more of a threat to server environments than personal computing devices.
These vulnerabilities are more difficult to patch than Meltdown, but there are some software patches available for certain types of hardware running certain operating systems,[2] including one for Linux.[3]
Ultimately, mitigation of this issue requires firmware and microcode updates. The problem with this is that firmware varies greatly from one device to another, so it is not something which can be easily applied to all computers running a specific operating system. Nonetheless, Microsoft has been working to push out these firmware updates to their users through the standard Windows Update system.[4][5]
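As an added example (not part of the original article or of any vendor tool): on Linux, the kernel reports its status for both Spectre variants in the files spectre_v1 and spectre_v2 under /sys/devices/system/cpu/vulnerabilities, so an administrator can check whether the patches and microcode described above are in effect. The function names and the sample status lines below are constructed for illustration.

```python
from pathlib import Path

# Linux sysfs directory where the kernel reports CPU vulnerability status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# The two Spectre variants named on this page and their sysfs file names.
VARIANTS = {
    "CVE-2017-5753 (bounds check bypass)": "spectre_v1",
    "CVE-2017-5715 (branch target injection)": "spectre_v2",
}

def classify(line):
    """Return (state, detail); handles bare "Vulnerable" and "Vulnerable: <reason>"."""
    text = line.strip()
    if text == "Not affected":
        return "not_affected", ""
    if text.startswith("Mitigation:"):
        return "mitigated", text[len("Mitigation:"):].strip()
    if text.startswith("Vulnerable"):
        return "vulnerable", text[len("Vulnerable"):].lstrip(":, ")
    return "unknown", text

def read_sysfs(name):
    """Read one status file; None if this kernel does not expose it."""
    try:
        return (SYSFS_DIR / name).read_text()
    except OSError:
        return None

def report(read_status=read_sysfs):
    """Map each variant to (state, detail); read_status(name) returns str or None."""
    result = {}
    for label, name in VARIANTS.items():
        raw = read_status(name)
        result[label] = ("unreported", "") if raw is None else classify(raw)
    return result

def needs_attention(rep):
    """Variants that are neither mitigated nor reported as not affected."""
    return [v for v, (s, _) in rep.items() if s not in ("mitigated", "not_affected")]

# Constructed sample status lines so the example also runs off-Linux.
SAMPLE = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: eIBRS with unprivileged eBPF\n",
}

if __name__ == "__main__":
    rep = report() if SYSFS_DIR.is_dir() else report(SAMPLE.get)
    print(rep, "needs attention:", needs_attention(rep))
```

A variant listed as "unreported" means the running kernel predates this sysfs interface, which itself indicates the software patches have not been installed.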