New 'Spoiler' vulnerability in all Intel Core processors exposed by researchers

appleinsider.com ^ | 3/7/2019 | Malcolm Owen

[bitt]

A function of Intel's processors dealing with speculative execution has another vulnerability that affects all Intel-based computers including Apple's Mac, researchers have revealed, with "Spoiler" potentially allowing an attacker the ability to view the layout of memory, and in turn potentially access sensitive data stored in those locations.

The speculative execution function of Intel's processors, used to increase the performance of a CPU by predicting paths an instruction will go through before the branch is completed, is a useful function but one that has caused Intel issues in the past. A new report from security researchers from Worcester Polytechnic Institute and the University of Lubeck published on March 1 indicates there's another issue that needs to be fixed.

Dubbed "Spoiler," the technique is able to determine how virtual and physical memory is related to each other, by measuring the timing of speculative load and store operations performed by the processor, reports The Register. By spotting discrepancies in the timing, it is possible for an attacker to determine the memory layout, and in turn know areas to attack.

"The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available," researcher Daniel Moghimi advised to the report. "Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other micro architectural attacks."

[bitt]

P

[Paladin2]

Billions of transistors, all off on their own, doing whatever.

What could possibly go wrong?

[mrsmith]

Can’t tell the bugs from the features...

[Cold Heart]

Sounds like a lot of work beyond my capability to breach someone’s system. I’ll wait till the AAP comes out.

[granite]

Thanks for the memories.

[TaMoDee]

Need the “Executive Summary” in ENGLISH, Please.
Not all Freepers are software geeks!

[Jane Long]

Well, in 2020 Apple will supposedly stop using Intel chips.

Until then....

[BipolarBob]

My next computer is going to be AI designed and built in China. I expect it will be great.

/s

[bitt]

[bitt]

P

[Paladin2]

I was taught that ALL bugs are FEATURES!

Bill Gate$ says.......

[Redcitizen]

Spoiler Alert.

[unixfox]

Will there be a recall and of course refunds? /sarc

[the_Watchman]

I AM a GEEK. My job used to be to extend the sample BIOS supplied by Intel to take advantage of new Reliability And Serviceability (RAS) features for the three operating systems which run on the servers manufactured by my company.

“Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other micro architectural attacks.”

There must be something else going on here, because this doesn’t make sense to a geek.

It wouldn’t be the first time that the technical writer scrambles the message. But the capability described above wouldn’t make me lose any sleep.

[Rurudyne]

I recall the Clinton Administration being said to have wanted bugs like these.

[Rurudyne]

Engineers etc are rarely required to actually learn how to write good. *nudge*wink*

[RushIsMyTeddyBear]

Greeeat. Do I need to wait for the next scam call from “Hardeep” (AKA “John”) addressing this problem?

[ShadowAce]

[palmer]

I agree with The Watchman. I would also point out that the way this works is that the bad guys are running user mode code on your computer. They can't do anything remotely. If they run user mode code on your computer, it's mostly game over even before these kinds of bugs which mostly allow privilege elevation.

In theory the user mode code could include javascript that you loaded simply by visiting a website. But I am pretty sure a javascript exploit will never come to fruition. Not only that, but a browser can defend against such an attack rather easily by small randomizations in javascript execution.