After Spectre and Meltdown, a new security vulnerability, dubbed Spoiler, has been discovered. The vulnerability was discovered by the Worcester Polytechnic Institute and University of Lübeck, both of whom identified Spoiler and the effects it has on first generation Intel Core CPUs, right down to the latest versions.
Similar to Spectre and Meltdown, Spoiler also abuses speculative execution in Intel chips to leak sensitive data. For those unfamiliar with the parlance; speculative execution is a process where the system predicts future task.
If executed properly, hackers could exploit the vulnerability through a malicious JavaScript on a website; a malware running on the CPU’s system, or even through a rogue user. Once through, the attacker could easily extract passwords, keys, and other forms of sensitive data from the memory.
According to reports, software updates as a solution is impossible at the moment. The only way to solve this problem for Intel is to adjust its CPU architecture to prevent the new security vulnerability. The researchers also experimented with ARM and AMD processors, but both did not display similar results. In other words, the Spoiler vulnerability appears to only and specifically affect Intel CPUs.
Intel did release a statement regarding Spoiler. Stating that software can be protected from the vulnerability by “employing side channel safe software development practices”.
(Source: DSOGaming, The Register)
