8 more spectre vulnerabilities found in intel chips

heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html

>8 more spectre vulnerabilities found in intel chips

Attached: 1430775192503.jpg (867x848, 337K)

Other urls found in this thread:

en.wikipedia.org/wiki/Traitorous_eight
twitter.com/NSFWRedditGif

Rip intel

>Just bought a 7920x

Aaaaaaaaaaaaaaaaaah

Attached: signal-2017-10-11-063458.jpg (1200x675, 91K)

>unnamed exclusive source
It's not as scummy as CTS labs case, but I'll wait for official announcement here as well.

>>unnamed exclusive source

> Google project zero
> unnamed

Attached: 1487822407068.png (600x800, 459K)

OH NO OH NO OH NO
HAHAHAHAHAHAHAHAHAAHAHAHAHAHAHAHAHAHAHAHAHAH

Bump, I expected there to be more threads on this, they call it Spectre-NG currently kek

DeepL.com often delivers better results than Google Translator:

New vulnerabilities and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.

Spectre and Meltdown shook the IT world to its foundations: researchers proved that the design of all modern processors has a fundamental problem that endangers their security (see c't 3/2018). Then there were patches and the world seemed fine again. Some experts warned that more could follow. But the hope remained that the manufacturers could solve the problem with a few security updates.

We can bury that hope. A total of eight new security holes in Intel CPUs have already been reported to the manufacturer by several teams of researchers, which are currently still being kept secret. All eight are essentially due to the same design problem that is explained in more detail in the section "Meltdown and Spectre for Dummies" - they are, so to speak, Spectre Next Generation.

c't has exclusive information on Spectre NG, which we have been able to verify in several ways, so that we no longer have any doubts about its authenticity. However, we will not publish technical details as long as there is still a chance that the manufacturers will get their security updates ready before the gaps become known. However, we will use our information to provide journalistic support for future releases of patches and background information. Eight new gaps

Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches - probably they all get their own names. Until then, we will jointly call them the Spectre-NG gaps in order to distinguish them from the problems known so far.

So far we only have concrete information on Intel's processors and their patch plans. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether and to what extent the closely related AMD processor architecture is susceptible to the individual Spectre-NG gaps.

Intel is already working on some Spectre-NG patches itself; others are being developed in cooperation with the operating system manufacturers. When the first Spectre-NG patches will be released is not yet clear. According to our information, Intel is planning two patch waves: The first is scheduled to start in May; a second is currently planned for August.

At least one of the Spectre-NG patches has already been scheduled: Google's Project Zero has found one of the gaps again and on May 7 - the day before the Windows patchday - the 90-day deadline, which they typically allow the manufacturer before a release, expires. Google's elite hackers are quite uncompromising when it comes to such deadlines, and after their expiration they have already published information on vulnerabilities for which the manufacturer has not yet finished patches. If there is a second gap, Intel itself expects information to be made public at any time. So patches for these two gaps should be released sooner rather than later.

Microsoft is obviously also preparing for CPU patches: Originally, reference was made to BIOS updates for microcode updates against Spectre, but now they appear in the form of (optional) Windows updates. PC manufacturers simply need too long for BIOS updates. Microsoft is also offering up to $250,000 in a bug bounty program for Spectre gaps. Linux kernel developers are also continuously working on hardening measures against spectre attacks.