Browsing tag
A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. “An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information […]
Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — […]
Since the vulnerabilities of Spectre and Meltdown appeared, specialists in information security services anticipated that implementing software fixes for these flaws implied a decrease in the performance of a system, although due to the new information related to this type of cyber errors the exact impact is still unknown, and there is still not enough […]
The flaw is present in all Intel generations after the first generation of Intel Core A speculative execution vulnerability (dubbed Spoiler) has been found in several generations of Intel CPUs, report network security and ethical hacking specialists from the International Institute of Cyber Security. The flaw could be exploited with a malicious JavaScript hosted on […]
Spectre and Meltdown attacks were initially discovered in early 2018. Following which, many security researchers have tried and tested different methods to put an end to the security flaws. However, researchers at Google have concluded that Spectre-type vulnerabilities are most likely to sustain as a feature in processors. Therefore, software-based techniques alone are inadequate to […]
Even the Tor browser can be monitored with this malicious code Specialists in digital forensics and information security have revealed a new side channel attack technique that bypasses the privacy defenses of any browser, according to them; even the Tor browser is vulnerable to this attack vector. As a result, malicious JavaScript in a […]
Developers insist that existing defenses will be enough to contain attacks, but experts disagree Information security and digital forensic investigators have discovered a new set of transient execution attacks on modern CPUs that allow a local attacker to gain access to the system’s privileged data, confirming predictions made when the cybersecurity community revealed the Spectre and Meltdown […]
A team of Researchers discovered 7 New Meltdown and Spectre Level attacks called a sound and extensible systematization of transient execution which includes 2 new Meltdown Attack variants and 5 variants belong to Spectre attack. All the 7 attacks are affected the 3 major processor vendors Intel, AMD, ARM that allows an attacker to gain […]
When the Spectre and Meltdown security flaws in Intel chips were disclosed earlier this year, security researchers called it a loophole so big that it’ll keep leaking for some considerable time in the future as well. Over the course of following months, that prediction turned out to be true and we are still witnessing similar […]
The issue has shot alert even in the U.S. Congress CPU manufacturers face two new variations of Specter’s lateral channel attack vulnerabilities, following a series of investigations by experts in enterprise data protection services. Like its predecessors, these last two vulnerabilities arise during the speculative execution process, with the difference that none of them resolves with recently […]
RAM use increases up to 10% Google revealed this week that its solutions for the Spectre vulnerability have caused the Chrome browser to use more RAM memory. In a publication, Google details its new “Site Isolation” function for the latest version of Chrome 67. It is a default-enabled feature used to protect against Specter side channel attacks […]
Very often a significant security flaw is followed by new derivatives of the same exploit. Following the widely popular Spectre and Meltdown speculative execution attacks, there were predictions that more flaws of similar nature will hit PC owners pretty soon. Variant 4 is the newest addition to this increasing list of vulnerabilities. In a new […]
Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches. Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors. Spectre and Meltdown flaw allow an attacker to steal the data […]
Intel won’t fix Meltdown nor Spectre for 10 product families covering 230-plus CPUs. Intel has issued new “microcode revision guidance” that reveals it won’t address the Meltdown and Spectre design vulnerabilities in all of its vulnerable processors, in some cases because it’s too tricky to remove the Spectre v2 class of vulnerabilities, the information security training researchers […]
Intel has published a microcode update guidance that confirms that it won’t be patching up the Spectre and Meltdown design flaws in all of its processors — mostly the older ones. The company has rolled out microcode updates to fix the Spectre v2 vulnerability for many of its processors going back to the second generation Core […]
Intel hasn’t stepped back on their efforts to show how concerned they’re for the people affected by the critical Meltdown and Spectre vulnerabilities disclosed ahead of schedule. The first lot of security patches released by Intel ended up rebooting people’s machines. Later, the world’s second largest chip maker had to advise users to refrain from […]
Crooks trying to take advantage of the infamous bug Meltdown and Spectre which affects almost all the modern processors and pushes Smoke Loader malware as a patch. Security researchers from Malwarebytes spotted a phishing campaign targetted German users appears to come from the German Federal Office for Information Security (BSI). Researchers said “the domain was […]
Apple has issued a statement regarding the Meltdown and Spectre vulnerabilities, confirming all Mac systems and iOS devices are affected, but saying there are no known exploits impacting customers at this time. Apple, like Microsoft, has urged users to download software only from trusted sources, such as the App Store. The iPhone maker has already […]
A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs: CVE-2017-5753 bounds check bypass (Spectre Variant 1) Impact: Kernel & all software Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode at the proper positions in the resulting code Performance impact of […]
Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp et. al 2017 for details: https://meltdownattack.com/meltdown.pdf. Can only dump linux_proc_banner at the moment, since requires accessed memory to be in cache and linux_proc_banner is cached on every read from /proc/version. Might work with […]
The silicon giant has started rolling out security updates for all Intel-powered devices affected by the vulnerabilities Meltdown and Spectre that Google Project Zero team made public on Wednesday. Known to have existed on devices released since 1995, these Intel CPU bugs could allow an attacker to access restricted areas of the operating system’s kernel […]