13 matches found
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
Exploit for hardware platform in category dos / poc / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory...
New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected
Security researchers from Microsoft and Google have discovered a fourth variant of the data-leaking Meltdown-Spectre security flaws impacting modern CPUs in millions of computers, including those marketed by Apple. Variant 4 comes weeks after German computer magazine Heise reported about a set of...
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in...
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...
APT Trends report Q1 2018
In the second quarter of 2017, Kaspersky's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on...
KB4093112: Windows 10 Version 1709 and Windows Server Version 1709 April 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4093112. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose...
KB4074591: Windows 10 Version 1511 February 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4074591. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose...
KB4074596: Windows 10 February 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4074596. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose...
Fedora 27 : firefox (2018-276558ff6f)
Update to 57.0.4 - Security fixes to address the Meltdown and Spectre timing attacks - https://blog.mozilla.org/security/2018/01/03/mitigations -landing-new-class-timing-attack/ - Require new nss 3.34 fixed rhbz1531031 - Disabled ARM on all Fedoras due to rhbz1523912 Note that Tenable Network...
MGASA-2018-0077 Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KTPI. Note that according to AMD, this issue does not...
MGASA-2018-0076 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KPTI. Note that according to AMD, this issue does not...
Meltdown and Spectre fallout: patching problems persist
Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and...
Meltdown and Spectre Flaws Collateral Damage to OS & Cloud Services Unavoidable
By Waqas Meltdown and Spectre vulnerabilities haunting users and Tech Giants worldwide This is a post from HackRead.com Read the original post: Meltdown and Spectre Flaws Collateral Damage to OS Cloud Services Unavoidable...