Nvidia and Uni security researchers developed a new Spectre and Meltdown exploit

[Recruit]

Ever since the Meltdown and Spectre revelations hit at the start of this year, security researchers have been working out the extent of the damage and the various ways it can be exploited in order to help with patch development. This week, experts from Nvidia and Princeton University managed to develop some exploits known as ‘SpectrePrime’ and ‘MeltdownPrime’.

 

MeltdownPrime has yet to be used successfully against any real-world hardware. However, SpectrePrime was used to extract data from a MacBook equipped with an Intel Core-i7 processor. Both exploits work by targeting cache invalidation protocols to sneakily take data from a machine or applications using cache memory.

 

 

 

As the research paper states, these ‘Prime’ exploits leverage “coherence invalidations” and enable “a Prime+Prove attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information”.

 

The code for these exploits has obviously been kept under wraps, as they were only made for behind the scenes testing. Security researchers often come up with their own exploits and then use that information to inform software or hardware providers so that they can fix the issue. This particular exploit for example, is already mostly protected against with the latest patches installed, which goes to show that updating regularly is important and should not be looked over.

 

Source