Spectre NG – 8 New Serious Spectre Level Security Vulnerabilities Found in Intel Processors

Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches.

Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors.

Spectre and Meltdown flaw allow an attacker to steal the data that currently processed on the computer it includes the process of personal photos, Emails, Password manager, instant messages and sensitive documents.

Recent discovered “Spectre Next Generation or Spectre-NG”  vulnerabilities have their own names and this flaw have been affected some of the ARM CPUs as well.

Group of security researchers has been reported all these vulnerabilities to Intel and Intel is already working on its own patches for Spectre-NG.

Also, Intel Planned to work with other operating system manufacturers and planning to release the patch in two waves. first one will be May 2018 and the second one will be August 2018.

Google Zero-day elite hackers have been reported one of the 8 vulnerabilities and they have 90-day deadline policy to fix the vulnerability so it was unclear about going public when the deadline ends.

According to Intel, 4 Vulnerabilities are classified as the severity of “high risk” and other 4 vulnerabilities are “Medium risk” in this Out of 8 Spectre-NG Vulnerabilities.

These high-risk vulnerabilities attack scenario similar to the Spectre vulnerability and one of the 8 vulnerability has estimated the potential risk is higher than old Spectre vulnerability.

According to Researchers, Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.

Also, Spectre-NG vulnerability exploitation is quite easier for the attackers across system boundaries.

Researchers warned that this Spectre-NG flaw danger for private individuals and corporate PCs and they should be taken seriously and the upcoming Spectre-NG updates should be installed quickly after their release.

A Spectre-NG vulnerability has been clearly double and triple check the consequences of the flaw and researchers denied to publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public.

In this case, Microsoft already started working for patches and PC manufacturers are taking too long to provide BIOS updates. Microsoft already announced up to $250,000 in a bug bounty program for Spectre flaws .

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

8 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

8 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

11 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

14 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

15 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

16 hours ago