Lmst

Want more #SpeculativeExecution bugs? “You’re gonna be in a great mood all day.”

#Apple’s latest three generations of #ARM ISA chips have a pair of #Spectre-like vulnerabilities. But, unlike other #SpeculativeExecution flaws, this one seems like the real deal: It could actually be exploited to steal your private info. “Four or five seconds—it’s done!”

#Apple’s known about at least one of the bugs for TEN months. In #SBBlogwatch, we wonder why Tim’s crew did nothing about it. @TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/01/slap-flop-apple-silicon-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc $AAPL

#Intel, #AMD #CPU on #Linux impacted by newly disclosed #Spectre bypass
The #vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of #Xeon processors for servers, along with AMD's older Zen 1, Zen 1+, and Zen 2 processors. The attacks undermine the Indirect Branch Predictor Barrier (#IBPB) on #x86 processors, a core defense mechanism against #speculativeexecution attacks.
https://www.bleepingcomputer.com/news/security/intel-amd-cpus-on-linux-impacted-by-newly-disclosed-spectre-bypass/

Speculative execution and other microarchitectural attacks never went away, and the research just keeps getting smarter.

Pathfinder introduces new tools and two new types of speculative execution, affecting Intel and AMD CPUs.

#Spectre #SpeculativeExecution #CyberSec #AppSec #VU157097

https://pathfinder.cpusec.org/

New #SpectreV2 attack impacts #Linux systems on #Intel #CPU
Researchers have demonstrated the "first native #Spectre v2 #exploit" for a new #speculativeexecution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Current mitigations are designed around isolating exploitable gadgets to remove the attack surface. Researchers, through custom 'InSpectre Gadget' analysis tool, demonstrated that exploitable gadgets in the Linux kernel remain.
https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/

#iLeakage Attack: Theft of Sensitive Data from #Apple’s #Safari #Browser
What happens in iLeakage attacks is that the #CPU is tricked into #speculativeexecution of code that reads sensitive data from memory. https://www.hackread.com/ileakage-attack-sensitive-data-theft-apple-safari-browser/ #sidechannel attack

"🚨 iLeakage: Safari's Side Channel Vulnerability Exposed! 🍎🔓"

Researchers have unveiled a new attack, dubbed "iLeakage", that exploits a side channel vulnerability in Apple's A- and M-series CPUs. This attack forces Apple’s Safari browser on iOS and macOS devices to reveal passwords, Gmail content, and more. The exploit is practical and doesn't require vast resources but demands in-depth reverse-engineering of Apple hardware. The side channel exploited is speculative execution, a feature in modern CPUs that has been the foundation for numerous attacks recently. The iLeakage attack, when executed, can recover YouTube viewing history, Gmail inbox content, and even passwords autofilled by credential managers. Apple is aware and plans to address this in an upcoming software release. 🚀🔍

Source: Ars Technica

Author: Dan Goodin - Senior Security Editor at Ars Technica. Profile

Tags: #iLeakage #Apple #Safari #SideChannel #Vulnerability #CyberSecurity #iOS #macOS #SpeculativeExecution 🌐🔐🍏

Hackers can force #iOS and #macOS browsers to divulge passwords and much more
Researchers devised an attack that forces #Apple’s #Safari browser to divulge #passwords, Gmail message content, and other secrets by exploiting a side channel #vulnerability in A- and M-series CPU running modern iOS and macOS devices dubbed #iLeakage. The side channel in this case is #speculativeexecution, a performance enhancement feature in modern #CPU that formed the basis of many attacks https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/

During this year's #BlackHat conference, security researcher Daniel Moghimi is set to present "Downfall", a new speculative execution vulnerability found in Intel processors from 2014-2023.

This new speculative execution vulnerability if exploited could allow attackers steal encryption keys & passwords.

Intel noted that they haven't seen this vulnerability being exploited in the wild and that detection is difficult.

Moghimi stated that exploiting was relatively easy, he goes on to say:

When I discovered this vulnerability, it took me maybe a couple of weeks to come up with attacks that work. I was just a one-person researcher without any resources, you can imagine if you have a team of black hat hackers, you can probably do a lot more with it.

While the flaw exists in hardware, Intel has provided microcode updates & the #Linux kernel maintainers have published mitigations for this flaw in today's kernel release.

#infosec #cybersecurity #DOWNFALL #speculativeexecution #Intel #CPUBug

- https://cyberscoop.com/downfall-intel-cpu-vulnerability/
- https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/

Zenbleed: How the quest for CPU performance could put your passwords at risk - Parse this! "You need to turn on a special setting to stop the code you wrote to stop the... https://nakedsecurity.sophos.com/2023/07/26/zenbleed-how-the-quest-for-cpu-performance-could-put-your-passwords-at-risk/ #speculativeexecution #cve-2023-20593 #vulnerability #dataloss #zenbleed #ormandy #amd

It unfortunately says a lot about #techculture that for computational logic, the #TrolleyProblem has nothing to do with morality, and everything to do with operational responsiveness. Because the computer has virtually killed everyone tied to the tracks, the conductor, you, and every one else in every possibile combination, and it's just waiting for you to make a decision and execute(hah) one of its saved conditions.

#SpeculativeExecution
https://xkcd.com/1938/

“Spectre Mitigations Murder *Userspace* Performance In The Presence Of Frequent Syscalls”, Robert O’Callahan (https://robert.ocallahan.org/2021/06/spectre-mitigations-murder-userspace.html).

Via HN: https://news.ycombinator.com/item?id=27559795

#Specter #CPU #OS #Performance #Speed #SystemsProgramming #Security #ComputerSecurity #SpeculativeExecution