In case you missed the US-CERT alert that hit inboxes on May 21, 2018, here are the "lowlights."
Intel announced that dozens of its chips are impacted by newly discovered variants of the Spectre CPU flaw. And the company points out that multiple chip manufacturers have products with the same vulnerabilities.
US-CERT summarizes the new Spectre vulnerabilities this way:
"Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.
Spectre Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to:
- Read arbitrary privileged data; and
- Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods."
You can read the full US-CERT alert, and the Intel report on which chips are potentially impacted is here.
It is SecureWorld's mission to help security leaders protect their organizations, so we wanted to be sure you could easily find this information.
Especially since inboxes get so full that any of us can easily miss crucial information.
