Researchers Found New Way to Exploit Meltdown and Spectre
MeltdownPrime and SpectrePrime: New Variants of the Meltdown and Spectre Vulnerabilities
Caroline Trippel and Daniel Lustig have described their research, MeltdownPrime and SpectrePrime, as automatically synthesized attacks exploiting invalidation-based coherence protocols.
They have developed a tool to uncover new ways of exploiting the Meltdown and Spectre CPU side-channel flaws. The tool allowed the researchers to synthesize a software attack based on a description of a CPU's microarchitecture and an execution pattern that could be attacked.
The researchers were able to create new variants of Meltdown and Spectre with a separate class of cache timing side-channel attack known as Prime+Probe, described in 2015 by several of the researchers who found Meltdown and Spectre independently of Google's Project Zero.
MeltdownPrime and SpectrePrime yield the same results (information) as Meltdown and Spectre, but the Prime variants' results may differ slightly because they rely on "invalidation-based coherence protocols". Meltdown attacks allow malware to access a system's memory and its secrets, while Spectre can leak secrets by breaking memory isolation between applications.
The major difference between Meltdown and Spectre and their Prime variants is that the Primes attack the host by using two cores against each other, together with the CPU's memory caches, to discover privileged information about an application as it executes.
The researchers tested their exploit on an Apple MacBook running macOS Sierra with an Intel Core i7 processor, which had not been patched against Meltdown and Spectre, and their results were 99.95 percent the same.