fromSecurityWeek
1 week agoResearchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud
Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs running on public cloud services. The research shows that L1TF (L1 Terminal Fault), also known as Foreshadow, a bug in Intel processors reported in January 2018, and half-Spectre, gadgets believed unexploitable on new-generation CPUs, as they cannot directly leak secret data, can be used together to leak data from the public cloud.
Information security