Security: A new security vulnerability based on speculative execution mechanisms has been discovered in the latest generations of Intel processors. This makes it easier to execute previously discovered faults, such as RowHammer.
The researchers behind the discoveries of Specter and Meltdown had warned: these flaws were only the first. Since then, researchers have been discovering new vulnerabilities based on speculative execution mechanisms at regular intervals, and the newcomer, called SPOILER, is no exception.
Discovered by researchers at the Worcester Polytechnic Institute in the United States, in conjunction with German researchers at the University of Lübeck, this new security challenge relies on speculative enforcement mechanisms to allow access to data concerning the memory addresses used by the programs.
This attack makes it possible notably to improve known attacks: the Rowhammer attack is notably cited by the researchers. This one was discovered several years ago and allows an attacker to access memory spaces to which he did not have access, in reading as in writing. According to the article published by the researchers, SPOILER considerably improves the efficiency of this type of attack.They also point out that new attacks could also be implemented on the basis of this flaw: it could be integrated within a malware or even via JavaScript hosted on a malicious web page according to the researchers.
SPOILER affects all Intel processors since the first Intel Core range. Among the processors that have actually been tested by the team of researchers, there are processors Kaby Lake, Skylake, Haswell, Ivy Bridge, Sandy Bridge, Nehalem and Core. Intel processors, however, seem the only ones to be directly affected by this flaw: this is often the case with the flaws based on speculative execution, a technique that has been widely used by Intel to improve the performance of its processors over the years. last years. The faults are also reproducible on the different OS.
However, it will not wait for corrective action from the microprocessor giant: in a reaction relayed by the Phoronix site , a spokesman for Intel confirms having been warned by researchers of this security breach, but said that no patch is not planned. "We hope that the software will be able to guard against these attack techniques by using development practices protected from auxiliary channel attacks," says Intel. The founder therefore returns the ball towards the ecosystem of software editors.