Intel paid a bug bounty of $100,000 to Vladimir Kiriansky of MIT and Carl Waldspurger of Carl Waldspurger Consulting for discovering two new variants of Spectre variant 1. These two new vulnerabilities closely resemble the first Spectre 1 variant, so the researchers tracked them as Spectre 1.1 (CVE-2018-3693) and Spectre 1.2.
Earlier in 2018, under the Google Project Zero program, researchers had discovered Spectre Variant 1 (CVE-2017-5753), Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Intel paid the $100,000 bounty to Kiriansky under its HackerOne program, which rewards the reporting of vulnerabilities before cyber miscreants can exploit them.
The Spectre bug takes advantage of speculative execution, a technique in which the processor performs work before it knows the work is needed, avoiding the delay that would occur if the work were started only once it was required. If the work turns out not to be needed, its changes are rolled back and the results discarded. Spectre exposes sensitive data by observing the traces that this discarded work leaves behind and reading them out through a side channel.
The Spectre Variant 1.1
Spectre Variant 1.1 creates speculative buffer overflows in the CPU's store cache. It lets malicious code exploit memory and extract protected data, such as passwords, other sensitive data and cryptographic keys, from CPU memory. Like a classic buffer overflow, it can modify data and code pointers. It can bypass some of the Spectre Variant 1 mitigations either directly or by redirecting control flow, and such control-flow attacks can enable arbitrary speculative code execution, which lets malicious code bypass fence instructions and all other software mitigations.
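The pattern behind a speculative buffer overflow is an ordinary bounds-checked store: the check is a branch, so the store can execute speculatively with an out-of-bounds index before the branch resolves. The example below is added here and is not code from the article or from the researchers; it contrasts that pattern with the branch-free index masking defence (the same idea as the Linux kernel's array_index_nospec), using a constructed eight-byte buffer.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample buffer for the demonstration (not from the article). */
#define BUF_LEN 8
static uint8_t buf[BUF_LEN];

/* Branch-free mask: SIZE_MAX when index < size, 0 otherwise.
 * The comparison becomes data flow rather than a branch, so even if the
 * bounds-check branch is mispredicted, the masked index cannot point past
 * the buffer during speculation. Mirrors the kernel's
 * array_index_mask_nospec() construction. */
static inline size_t index_mask_nospec(size_t index, size_t size) {
    /* Top bit of (index | (size - 1 - index)) is set exactly when
     * index >= size (or index itself is absurdly large). */
    size_t oob = (index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1;  /* oob == 1 -> 0, oob == 0 -> wraps to SIZE_MAX */
}

/* The index a hardened store would actually use: unchanged when in bounds,
 * forced to 0 when out of bounds. */
size_t masked_index(size_t index, size_t size) {
    return index & index_mask_nospec(index, size);
}

/* Spectre 1.1 pattern: correct architecturally, but the store may run
 * speculatively with idx >= BUF_LEN while the branch is still unresolved. */
int store_checked_branch(size_t idx, uint8_t val) {
    if (idx < BUF_LEN) {
        buf[idx] = val;
        return 1;
    }
    return 0;
}

/* Hardened form: the mask bounds the index on every path, predicted or not.
 * A speculation barrier after the check (lfence on x86) is the alternative. */
int store_masked(size_t idx, uint8_t val) {
    if (idx < BUF_LEN) {
        buf[masked_index(idx, BUF_LEN)] = val;
        return 1;
    }
    return 0;
}
```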
The Spectre Variant 1.2
Spectre Variant 1.2 is similar to the Meltdown attack. It relies on lazy page-table entry (PTE) enforcement, which lets out-of-order execution leak kernel memory; the same mechanism can also bypass the Read/Write PTE flags. Speculative stores can then overwrite read-only data, code metadata and code pointers, including vtables, the GOT/IAT and control-flow mitigation metadata. This allows a malicious program to write to read-only data memory, code pointers and code metadata. Sandboxing that relies on hardware enforcement of read-only memory is rendered ineffective.
Major tech firms such as Microsoft, Oracle and Red Hat are investigating the issue and its related effects and putting possible countermeasures in place. The threat is classed as a speculative execution side-channel attack. Modern processors from Intel, ARM and AMD are known to be affected, and the issue can also affect systems such as Android, iOS, macOS and Chrome. An attacker able to exploit these vulnerabilities could gain access to a user's private and confidential data; in a shared network environment or on cloud storage, one compromised system could give the attacker access to data on other machines.