Select Page

A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system.

Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass and can be used to defeat address-space layout randomization on the remote system.

If you’re unaware, the original Spectre Variant 1 flaw (CVE-2017-5753), which was reported earlier this year along with another¬†Spectre and Meltdown flaws, leverages speculative stores to create speculative buffer overflows in the CPU store cache.

images from Hacker News