The big picture: Spectre and Meltdown had a lot of security researchers' jaws dropping and had the tech community in a bit of a frenzy. But there's little need to panic over these new attacks: they are variations of the original attacks, and in principle the patches shipped for the existing vulnerabilities already stop most of them.
A team of nine researchers, which includes several of the people who discovered the original Spectre and Meltdown attacks, has found seven new attack paths. All of them have been demonstrated with working proof-of-concept code.
Two of them are Meltdown-type attacks. Meltdown-BR exploits the bounds-check exception (#BR) raised by the x86 bound instruction, and works on both AMD and Intel processors; Meltdown-PK bypasses memory protection keys for user space (PKU) and affects Intel processors only. The researchers actually tried eight new Meltdown variants, but only these two could be made to work.
The remaining five are all variations of Spectre and affect Intel, AMD and ARM processors. Two of them exploit the Branch Target Buffer (BTB), which predicts the destination of indirect branches, while the other three exploit the Pattern History Table (PHT), which predicts whether a conditional branch is taken. Because these are predictor structures shared by everything running on the core, an attacker can train them from its own code and have the victim mispredict on the attacker's behalf.
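To make the Spectre-PHT class concrete, here is the classic bounds-check-bypass gadget next to two hardened versions of the same code. This is an added example and not code from the paper or from any vendor; the memory layout (a public buffer followed by a secret), the probe array and the function names are constructed for illustration. The index-masking helper follows the array_index_mask_nospec() idiom used in the Linux kernel. The program does not attempt to measure cache timings, which is hardware-dependent; it shows the gadget shape and the branchless fix, and the mask arithmetic can be checked deterministically.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample memory layout (hypothetical, for illustration only):
 * a small public buffer that untrusted input may index, followed directly
 * by a secret that must never be read through that index. */
struct layout {
    uint8_t public_data[16];
    uint8_t secret[16];
};
static struct layout mem = { "0123456789abcde", "SECRET_TOKEN" };

/* Flush+Reload probe array: one page per possible byte value. The single
 * cache line touched during transient execution is what leaks the byte. */
static uint8_t probe[256 * 4096];

/* Spectre-PHT (bounds-check bypass) gadget. Architecturally it is correct:
 * an out-of-bounds idx returns 0 and never touches mem.secret. Transiently,
 * after the PHT has been trained with in-bounds indices, the branch is
 * predicted taken, public_data[idx] reads past the buffer into secret, and
 * the dependent probe access caches one line chosen by the secret byte. */
uint8_t gadget_vulnerable(size_t idx) {
    if (idx < sizeof mem.public_data)
        return probe[mem.public_data[idx] * 4096];
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise. This is the
 * array_index_mask_nospec() idiom from the Linux kernel. It is pure
 * arithmetic with no branch, so it is evaluated correctly even while the
 * CPU is still on the mispredicted path. It relies on the arithmetic right
 * shift of a negative signed value that gcc and clang implement. */
static inline size_t index_mask_nospec(size_t idx, size_t size) {
    intptr_t m = (intptr_t)(idx | (size - 1 - idx));
    return (size_t)(~m >> (sizeof m * CHAR_BIT - 1));
}

/* Clamp idx to [0, size) without a branch: idx when in bounds, 0 otherwise. */
size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Hardened gadget: same bounds check, but the index used for the load is
 * masked, so a transient out-of-bounds access reads public_data[0] instead
 * of the secret and the probe footprint carries no information. */
uint8_t gadget_hardened(size_t idx) {
    if (idx < sizeof mem.public_data) {
        idx = clamp_index_nospec(idx, sizeof mem.public_data);
        return probe[mem.public_data[idx] * 4096];
    }
    return 0;
}

/* Alternative mitigation: a speculation barrier after the check. On x86,
 * lfence keeps younger instructions from executing until the branch has
 * resolved. Simpler to apply than masking, but costlier on hot paths; on
 * other architectures this example inserts nothing. */
uint8_t gadget_fenced(size_t idx) {
    if (idx < sizeof mem.public_data) {
#if defined(__x86_64__) || defined(__i386__)
        __asm__ volatile("lfence" ::: "memory");
#endif
        return probe[mem.public_data[idx] * 4096];
    }
    return 0;
}

int main(void) {
    size_t tests[] = { 0, 7, 15, 16, 20, 1000 };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        size_t idx = tests[i];
        printf("idx=%4zu  mask=%016zx  clamped=%zu\n", idx,
               index_mask_nospec(idx, sizeof mem.public_data),
               clamp_index_nospec(idx, sizeof mem.public_data));
    }
    return 0;
}
```

The point of the masked version is that the fix does not depend on the branch at all: whatever the predictor guesses, the address fed to the load is computed from the mask, and the mask is zero for every out-of-bounds index. That is also why compilers must be prevented from "optimising away" the mask after seeing the comparison; the kernel's version emits it unconditionally for that reason.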
“Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”
The researchers reported the attacks to all the major chip vendors, but they aren't too happy with the responses they received. Apparently AMD did not even acknowledge their results, and Intel disagrees with them about whether any new patch is required.
Intel issued the following statement:
The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research.
According to the researchers, some of the existing patches do work against the new variants, but not all of them. Intel, however, disputes the researchers' experimental setup and maintains that in a real-world situation the attacks would not succeed. The researchers have stood by their findings and outline mitigations for each variant themselves in the paper.
“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets.”
Remember though, no actual attack that exploits Spectre or Meltdown has so far been discovered in the wild. It was expected that variants of the original attacks, such as these, would keep turning up. Keep your devices up to date and you will have covered the mitigations that ship with operating systems, microcode and browsers. One caveat for anyone who builds their own software: the Spectre-PHT class is mitigated in the affected program itself (compiler-inserted barriers or index masking at each bounds check), so an OS update alone does not protect code you compile and ship.