Intel, AMD confirm new Spectre variants

SSB could potentially be used to exploit browsers’ JIT JavaScript compilers

Chipmakers Intel and AMD have confirmed the existence of a new category of the Spectre vulnerability, which exploits the speculative execution features of modern CPUs.

The Speculative Store Bypass (SSB) vulnerability could be used to exploit the Just-in-Time (JIT) JavaScript compilers found in web browsers, Microsoft said in its security advisory.

CPUs from AMD, ARM and Intel are potentially affected.

Microsoft said it “may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of CVE-2018-3639,” the CVE identifier assigned to the vulnerability.

“However, Microsoft Edge, Internet Explorer, and other major browsers have taken steps to increase the difficulty of successfully creating a side channel,” the software vendor said.

The vendor said the risk posed by the vulnerability is low.

Microsoft’s Ken Johnson and Google’s Jann Horn independently discovered SSB, Microsoft said in its analysis of the vulnerability.

“Starting in January, most leading browser providers deployed mitigations for Variant 1 [of Spectre] in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser,” Intel’s Leslie Culbertson wrote in a blog entry.

“These mitigations are also applicable to Variant 4 and available for consumers to use today. However, to ensure we offer the option for full mitigation and to prevent this method from being used in other ways, we and our industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates.”

Microsoft and Intel said they had not seen any evidence of the newly disclosed vulnerability being exploited.

Intel said that its microcode updates to address Variant 4 would also address an additional Spectre variant dubbed Variant 3a (CVE-2018-3640) or ‘Rogue System Register Read’ (RSRE).

“Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis,” Intel said in its security notice.

German publication c’t was the first to report the existence of the new vulnerabilities. c’t reported that a total of eight new Spectre-related vulnerabilities had been discovered.
