Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom Dell Technologies World Digital Experience 2020 HPE Zone Masergy Zenith Partner Program Newsroom Intel Partner Connect Digital Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

7 Things You Need To Know About Spectre And Meltdown Security Exploits

Security researchers have discovered exploits that are being referred to as Spectre and Meltdown that chip giant Intel says impacts its own processors as well as those from AMD and ARM. Here are seven things you need to know about Spectre and Meltdown.

Back 1 ... 4   5   6   7  


Three Attack Variants For Spectre And Meltdown

Security researchers have found three possible variants of side channel timing attacks that could let attackers gain access to data that they normally could not access and how they can be mitigated, said Intel's Singhal.

The first is the bounds check bypass, a fairly fundamental exploit that could let an attacker take advantage of existing code with access to privileged information and use it and abuse it to speculatively have access to information in memory they might normally not have access to, Singhal said. "We've been working with software partners on both the operating system side and the browser side for mitigations for the first exploit," he said.

The second variant is Branch Target Injection in which malicious code could find a way to redirect the internal structures inside the processor to speculatively execute code attackers want to see executed, Singhal said. Such an attack does not impact the basic function of the processor, but does allow the speculative attack to occur, he said. Mitigation is being done via microcode updates that provide a new interface between the operating system and the processor, which requires work on both the hardware and software sides, he said.

The final variant is Rogue Data Load which is the ability for an application to speculatively access memory that it normally does not have access to, Singhal said. Intel has already pushed patches to Linux to isolate the page tables between the kernel and the user space, he said.

Back 1 ... 4   5   6   7  

sponsored resources