It seems that the Spectre and Meltdown vulnerabilities saga is never-ending, and now there are two new related CPU flaws to add to the mix. Dubbed Spectre 1.1 and Spectre 1.2, the vulnerabilities (CVE-2018-3693) exploit speculative execution and can modify data and bypass sandboxes. Two security researchers have disclosed details of the new vulnerabilities, both of which have the potential to leak sensitive data. By tinkering with the speculative execution processes of Intel and ARM CPUs, it would be possible to use malicious code to extract information such as passwords and crypto keys. See also: Researchers develop SafeSpec to overcome…
[Continue Reading]