SplitSpectre – New Spectre-like Vulnerability Ready to Hit CPUs (Dec 10, 2018)
A new vulnerability has been discovered by researchers from Northeastern University and IBM that could allow for speculative execution attacks, dubbed "SplitSpectre." This vulnerability is a Spectre v1 variant and allows a threat actor to exploit the speculative execution function of microprocessors without having to inject their own malicious code. According to the research paper by the researchers who identified it, the SplitSpectre vulnerability "splits the Spectre v1 gadget into two parts: one consisting of the conditional branch and the array access (phase 3), and the other one consisting of the second array access that constitutes the sending part of the side channel (phase 4). This has the advantage that the second part, phase 4, can now be placed into the attacker-controlled code. It is more likely that an attacker finds such gadgets, thereby alleviating one of the main difficulties of performing a v1 attack. Furthermore, the attacker can choose to employ amplification of a v1 attack by reading multiple indices of the second array to deal with imprecise time sources."
Recommendation: Current mitigations against "Spectre" should also help mitigate this vulnerability. Update your firmware to the most recent version and ensure you have antivirus software constantly running. To find out more information regarding "Spectre" and its advised mitigations, see Microsoft's security advisory: https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown
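As an added illustration (not code from the article or the research paper), the following C shows the phase-3 gadget pattern quoted above, the branch and array access that SplitSpectre still needs to find in victim code, next to the index-masking hardening commonly applied against Spectre v1, which is one of the existing mitigations the recommendation relies on. The array contents and function names are constructed for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data: 16 in-bounds bytes followed by bytes that an
 * out-of-bounds index, which speculation may use, would reach. */
#define ARRAY1_SIZE 16
static const uint8_t array1[ARRAY1_SIZE + 8] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    'S', 'E', 'C', 'R', 'E', 'T', '!', '!'   /* constructed placeholder */
};

/* Phase 3 of the v1 gadget as the article describes it: a bounds check and an
 * array access on an attacker-influenced index. Architecturally it never reads
 * past ARRAY1_SIZE, but after a mispredicted branch the load can execute
 * speculatively with an out-of-bounds idx. SplitSpectre needs only this part
 * in victim code; the phase-4 access lives in attacker-controlled code. */
uint8_t phase3_unmitigated(size_t idx)
{
    if (idx < ARRAY1_SIZE)
        return array1[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < size, all zeros otherwise (same idea
 * as array_index_mask_nospec() in the Linux kernel). Assumes idx and size are
 * below 2^63 so the top bit of (size - 1 - idx) flags the wrap-around. */
static inline size_t index_mask_nospec(size_t idx, size_t size)
{
    size_t top_bit = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top_bit - 1;   /* 0 -> SIZE_MAX (in bounds), 1 -> 0 (out of bounds) */
}

/* Index the load actually uses inside the branch: the mask is a data
 * dependency, not a control dependency, so it holds during speculation too. */
size_t speculation_safe_index(size_t idx)
{
    return idx & index_mask_nospec(idx, ARRAY1_SIZE);
}

/* Hardened phase 3: identical architectural result, but a speculatively
 * executed load with idx >= ARRAY1_SIZE is clamped to array1[0]. */
uint8_t phase3_mitigated(size_t idx)
{
    if (idx < ARRAY1_SIZE)
        return array1[speculation_safe_index(idx)];
    return 0;
}
```

Both functions return the same values for in-bounds indices; the difference is only in what address the load can touch while the branch outcome is still being predicted.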