Tuesday, May 13, 2025
HomeCVE/vulnerabilityNew Spectre Vulnerability Let Hackers Attack Billions of Computers

New Spectre Vulnerability Let Hackers Attack Billions of Computers

Published on

SIEM as a Service

Follow Us on Google News

The teams of security researchers at the University of Virginia and California (USA) have recently identified a very new Spectre-like attack on computer hardware.

According to the report, this attack enables data to be stolen when the processor grabs instructions from its micro-op cache.

This vulnerability affects billions of computers and several devices globally. As per the researchers, this vulnerability is quite critical and it will be much more difficult to fix, unlike the previous speculative execution vulnerabilities.

- Advertisement - Google News

However, this new method of attack has come up with all new techniques and source and, that’s why it makes more difficult for the experts to fix this vulnerability.

While the methods that have been used in this attack, are affecting the Intel and AMD-based systems, which were released in 2011. Apart from that it also includes the Intel Skylake and AMD Zen series.

Security fixes critically affecting the performance

After going through all the details regarding this Spectre attack, the cybersecurity analysts estimated that the realization of a patch for this vulnerability will be more difficult, and it also has quite serious consequences on the system performance.

The experts pronounced that this cache is fundamentally different from higher-level caches. And it is not easily accessible, as well as it also acts as a stream buffer to quickly get the results of the decoding of CISC instructions in a RISC microinstruction.

“Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software” researchers said.

The original Spectre vulnerabilities that were attacking billions of computers were partially fixed for a certain period.

Moreover, Microsoft has initially implemented some protection and Intel redesigned the next-generation chips. So, for now, it is very difficult to protect the chips completely.

Difficult to mitigate

As we stated above that this is one of the complicated vulnerabilities to disable. But, the most difficult part is to predict the instructions, that’s the reason why the current mitigations are failing to protect the computer from this new attack vector.

But, some optimal methods like, one can be proposed to block these types of attacks not by disabling caching, but by monitoring the irregularities and speculating all the typical cache that come under these attacks.

However, the main issue is that the level of the microinstruction cache is very low as compare to the level at which vulnerabilities like Spectre work. 

This is the main reason that why Spectre vulnerability protection is not working against this new vulnerability. 

Apart from this, the new vulnerability attacks are having all primitive layers in processor architectures, therefore it is severely affecting the performance of both Intel and AMD processors.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple...

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...