Skip to main content
X

Send us a Topic or Tip

Have a suggestion for the blog? Perhaps a topic you'd like us to write about? If so, we'd love to hear from you! Fancy yourself a writer and have a tech tip, handy computer trick, or "how to" to share? Let us know what you'd like to contribute!

Thanks for reaching out!

Report: New Ways to Exploit Meltdown, Spectre Vulnerabilities Found

Last month, security vulnerabilities in Intel and other tech companies’ CPUs was discovered that affects nearly every major platform.

Anxiousness surrounding the Meltdown/Spectre vulnerabilities has led researchers to look for new ways to exploit the vulnerabilities that go beyond proof-of-concept. And a team comprised of researchers from NVIDIA and Princeton University has released a report that finds new exploitations.

In the report, the researchers refer to the new vulnerabilities as “MeltdownPrime” and “SpectrePrime” and it states:

“In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe at- tack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime—two variants of Meltdown and Spectre, respectively— can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.”

Essentially, the vulnerabilities pit two CPU cores against one another to trick multi-core systems and gain access to cached data.

Fortunately, the software patches that are being rolled out are likely to address the newly reported vulnerabilities. However, the researchers state in the report that they believe “microarchitectural mitigation of our Prime variants [of the vulnerabilities] will require new considerations”, meaning hardware changes will be required.

Read the entire report from NVIDIA and Princeton researchers here: arxiv.org/pdf/1802.03802.pdf. We will keep you updated on any new developments in this story.

OWC Newsfeed
the authorOWC Newsfeed
The OWC Newsfeed provides the latest OWC, MacSales.com, Rocket Yard, and industry news, information, and announcements for your reading pleasure and shareability!
Be Sociable, Share This Post!

Leave a Reply

1 Comment

  • The referenced article was long. I’m assuming that it is still true that these vulnerabilities require direct (logged-in) access to a machine, to exploit. Correct?