
Researchers Discover a New Variant of the Spectre Vulnerability Raising Renewed Concerns

The well-known Spectre vulnerability has a brand-new variant that creates speculative buffer overflows. Cybersecurity researchers Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) disclosed the new Spectre variant in a paper published earlier this week. The new bug is officially called Spectre 1.1 (CVE-2018-3693), but it is also known as "Bounds Check Bypass Store," or BCBS. It closely resembles the classic buffer overflow security flaw, and the Spectre variants unleashed earlier this year, in that it leverages speculative stores to gain unauthorized access to vulnerable machines.

Experts consider this new variant a minor version of the original Spectre V1 family, since it exploits the same conditional branch speculation, that is, the same window of speculative execution. Accordingly, the reach of Spectre 1.1 is also vast: it affects millions of devices powered by the most popular processors, including those from AMD and Intel.

Systems built on microprocessors that use speculative execution and branch prediction are vulnerable to such buffer overflow attacks: a local attacker who can run arbitrary untrusted code on the system can exploit the speculative buffer overflow to expose sensitive information through side-channel analysis.
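The two code shapes the paragraphs above describe, as an added illustration in C that is not from the paper or the article: the bounds-check-bypass store pattern next to the same store hardened with branch-free index masking, the construction used by the Linux kernel's generic array_index_mask_nospec(). The array, its length and the helper names are constructed for this example. Index masking is a software mitigation distinct from the Sloth microarchitectural mitigations the researchers propose, and it protects only the store it is applied to; any other unmasked store in the same program remains a speculative-write gadget.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_LEN 16

/* Constructed sample buffer. In real code this would sit next to data an
 * attacker must never be able to write, such as return addresses or
 * function pointers. */
static uint8_t array[ARRAY_LEN];

/* Branch-free mask: all ones when index < size, zero otherwise.
 * Same construction as the Linux kernel's generic array_index_mask_nospec().
 * Assumes size < 2^63, so (size - 1 - index) wraps only when index >= size. */
static inline size_t index_mask_nospec(size_t index, size_t size) {
    /* Hide index from the optimiser so the mask is not folded away on the
     * strength of a preceding bounds check (GCC/Clang inline asm syntax). */
    __asm__ __volatile__("" : "+r"(index));
    return (size_t)(~(long)(index | (size - 1 - index)) >> (sizeof(long) * 8 - 1));
}

/* Clamp an index to 0 when it is out of range, without a data-dependent branch. */
size_t clamp_index_nospec(size_t index, size_t size) {
    return index & index_mask_nospec(index, size);
}

/* Vulnerable pattern (Bounds Check Bypass Store). The check is a conditional
 * branch, so on a mispredicted branch the store below runs speculatively with
 * an out-of-range index before the check resolves. Architecturally nothing
 * out of range is ever written, which is why ordinary tests cannot see it. */
int store_unsafe(size_t index, uint8_t value) {
    if (index < ARRAY_LEN) {
        array[index] = value;
        return 1;
    }
    return 0;
}

/* Hardened form: the mask is derived from the index value itself rather than
 * from the predicted branch, so even a speculatively executed store can only
 * land inside the array (at index 0 for an out-of-range value). */
int store_masked(size_t index, uint8_t value) {
    if (index < ARRAY_LEN) {
        array[clamp_index_nospec(index, ARRAY_LEN)] = value;
        return 1;
    }
    return 0;
}

/* Read back a cell of the sample buffer (index reduced modulo the length). */
uint8_t peek(size_t index) {
    return array[index % ARRAY_LEN];
}

int main(void) {
    store_masked(3, 0xAA);
    printf("array[3] = 0x%02X\n", peek(3));
    printf("clamp(200) = %zu, clamp(5) = %zu\n",
           clamp_index_nospec(200, ARRAY_LEN), clamp_index_nospec(5, ARRAY_LEN));
    return 0;
}
```

Build with a GNU-compatible compiler (the inline asm barrier is the only non-portable line). Note that both store functions behave identically under architectural execution; the difference exists only in what the core may do transiently, so a functional test like the one above can confirm the mask arithmetic but cannot observe the speculative window itself.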

Along with Spectre 1.1, the researchers also presented another minor variant of the original Spectre flaw, Spectre 1.2. It affects processors that do not enforce the read/write protections recorded in page-table entries (PTEs). Both Spectre 1.1 and Spectre 1.2 have been validated on ARM and Intel x86 processors. For these variants, the paper recommends the Sloth family of microarchitectural mitigations, and in the future chip manufacturers can implement a so-called Rogue Data Cache Store protection feature.

Though minor, the two newly discovered flaws represent a considerable risk, as they allow both local and remote attackers to conduct arbitrary speculative writes and to bypass existing software mitigations. The chip industry is currently working on fixes for the issues, and users should check for security patches regularly in order to keep their operating systems updated.
