Researcher Found New Way to Exploit Meltdown and Spectre

MeltdownPrime and SpectrePrime: New variant of Meltdown and Spectre Vulnerability
Already there is quite difficult for Intel for fixing up Meltdown and Spectre bug within there chipset, and now another Meltdown and Spectre have hit them. Intel is trying to mitigate the bug on its chipset which is still in process but two researcher Caroline Trippel and Daniel Lustig of Princeton University and Margaret Martonosi from Nvidia- have discovered another way to achieve the Meltdown and Spectre.

Caroline Trippel and Daniel Lustig had described there research as MeltdownPrime and SpectrePrime that will automatically synthesized attacks exploiting invalidation-based coherence protocols. 
They have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws. The tool allowed the researchers to synthesize a software-attack based on a description of a CPU's microarchitecture and an execution pattern that could be attacked.

The researchers were able to create new variants of Meltdown and Spectre with a separate class of cache timing side-channel attack known as Prime+Probe, described in 2015 by several of the researchers who found Meltdown and Spectre independently of Google's Project Zero.

MeltdownPrime and SpectrePrime gives same results (information) as like Meltdown and Spectre, but prime variants results may have little different as it rely on "invalid-based coherence protocols".
Meltdown attacks allow malware to access a system's memory and its secrets, while Spectre can leak secrets by breaking memory isolation between applications.

Major difference between Meltdown and Spectre and their Prime variants are that the Primes attack the host by using two-cores against each other and a CPU's memory caches to discover privileged information about an application as it executes.

"By exploiting cache invalidations, MeltdownPrime and SpectrePrime  two variants of Meltdown and Spectre, respectively can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.

Researcher have tested there exploit on Apple MacBook running on  MacOS Sierra with Intel Core i7 Processor which have not patched by Meltdown and Spectre and they got 99.95 percent same result.
Read Also
Post a Comment