Intel data-leaking Spectre defenses scared off once again
Briefly

Researchers from ETH Zurich have discovered Branch Predictor Race Conditions (BPRC), a new type of security vulnerability that can circumvent Intel's defenses against the Spectre vulnerabilities. Spectre, identified in 2018, exploits speculative execution to allow malware or unauthorized users to access sensitive data from other applications and the kernel. Although Intel has implemented various protections against such attacks, the researchers indicate that the risk persists due to the evolving nature of processor vulnerabilities, which could potentially impact cloud environments and users' data security significantly.
Researchers at ETH Zurich have uncovered a new class of security vulnerabilities called Branch Predictor Race Conditions (BPRC) that bypass Intel's defenses against Spectre.
Spectre flaws allow malware to steal data from other applications and even from the operating system kernel, posing significant risks despite not being widely exploited.
The ability of attackers to leverage indirect branch predictions across privilege modes means malicious programs can access memory from sensitive areas of the system.
Despite improvements in hardware defenses, the ongoing vulnerabilities in Intel processors suggest a persistent risk associated with the speculative execution optimization technique.
Read at Theregister
[
|
]