unternehmen_arm   3

CPU-Lücken ret2spec und SpectreRSB entdeckt
Auch der Return Stack Buffer (RSB) von Intel-Prozessoren lässt sich zum Auslesen vermeintlich geschützter Speicherbereiche durch spekulative Ausführung missbrauchen. Eine dieser RSB-Sicherheitslücken haben Giorgi Maisuradze und Christian Rossow vom Center for IT-Security, Privacy and Accountability (CISPA) der Uni Saarland ret2spec beziehungsweise Spectre v5 getauft. Intel, AMD und ARM haben die Schwachstelle bestätigt. Eine CVE-Nummer existiert bislang aber anscheinend noch nicht. Eine naheliegende Möglichkeit, ret2spec für Angriffe zu nutzen, wären präparierte Webseiten oder E-Mails mit JavaScript- oder WebAssembly-Schadcode. Einige der schon bisher gegen Spectre & Co. per Update in Browsern eingebauten Schutzmaßnahmen helfen auch gegen ret2spec, wie die CISPA-Forscher in ihrem Paper erläutern.
heise, 24.07.2018
itsicherheit_cpu_meltdown_spectre  itsicherheit_exploit_flaw  itsicherheit_seitenkanal_analyse_angriff  unternehmen_intel  unternehmen_amd  unternehmen_arm  uni_de_saarland  software_javascript  software_browser_allg_wasm  itsicherheit_malware_spyware  itsicherheit_sandbox_isolierung  itsicherheit_software_browser 
9 weeks ago by kraven
Researchers Detail New CPU Side-Channel Attack Named SpectreRSB
Academics from the University of California, Riverside (UCR) have published details last week about a new Spectre-class attack that they call SpectreRSB. The difference from previous Spectre-like attacks is that SpectreRSB recovers data from the speculative execution process by attacking a different CPU component involved in this "speculation" routine, namely the Return Stack Buffer (RSB). In the grand architecture of a CPU, the RSB is a component that is involved in the speculative execution routine and works by predicting the return address of an operation the CPU is trying to compute in advance, part of its "speculation." In a research paper published last week, UCR researchers said the could pollute the RSB code to control the return address and poison a CPU's speculative execution routine. For example, in two attacks, they polluted the RSB to expose and recover data from other applications running on the same CPU, and in a third, they polluted the RSB "to cause a misspeculation that exposes data outside an SGX compartment." Researchers said they reported the issue to Intel, but also to AMD and ARM.
bleeping computer, 23.07.2018
itsicherheit_cpu_meltdown_spectre  itsicherheit_exploit_flaw  itsicherheit_seitenkanal_analyse_angriff  tech_hw_chip_intel_sgx  unternehmen_intel  unternehmen_amd  unternehmen_arm  uni_us_uc_riverside 
9 weeks ago by kraven
Reading privileged memory with a side-channel
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. So far, there are three known variants of the issue: Variant 1: bounds check bypass (CVE-2017-5753), Variant 2: branch target injection (CVE-2017-5715), Variant 3: rogue data cache load (CVE-2017-5754). Before the issues described here were publicly disclosed, Daniel Gruss, Moritz Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg, Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their [writeups/blogposts/paper drafts] are at: Spectre (variants 1 and 2), Meltdown (variant 3) [NB: Fuck you Intel, mein nxter Rechner wird non-intel].
google project zero, 03.01.2018
itsicherheit_exploit_flaw  itsicherheit_malware_spyware  itsicherheit_speicher_aslr  itsicherheit_hardware  itsicherheit_implementierung  itsicherheit_os  unternehmen_intel  sicherheitsforschung_itsicherheit  software_os_linux  software_os_windows  software_os_mac  software_os_kernel  unternehmen_amd  unternehmen_arm  tech_hw_chip_cpu  tech_hw_chip_cpu_cache  itsicherheit_cpu_meltdown_spectre  itsicherheit_seitenkanal_analyse_angriff 
january 2018 by kraven

related tags

itsicherheit_cpu_meltdown_spectre  itsicherheit_exploit_flaw  itsicherheit_hardware  itsicherheit_implementierung  itsicherheit_malware_spyware  itsicherheit_os  itsicherheit_sandbox_isolierung  itsicherheit_seitenkanal_analyse_angriff  itsicherheit_software_browser  itsicherheit_speicher_aslr  sicherheitsforschung_itsicherheit  software_browser_allg_wasm  software_javascript  software_os_kernel  software_os_linux  software_os_mac  software_os_windows  tech_hw_chip_cpu  tech_hw_chip_cpu_cache  tech_hw_chip_intel_sgx  uni_de_saarland  uni_us_uc_riverside  unternehmen_amd  unternehmen_intel 

Copy this bookmark:



description:


tags: