Speculative Store Bypass: spectre for browsers, the nightmare isn’t over yet

cyber bug strikes again

Earlier in January 2018 two huge vulnerabilities dubbed “Meltdown” and “Spectre” were discovered in Intel processors up to two decades old. The hardware vulnerabilities were so impacting that the patches rolled out to fix them would sensibly slow down processing speeds. If you thought that was the end of it, be prepared for the new Spectre-based vulnerability: Speculative Store Bypass.

Speculative Store Bypass for everyone

The video pretty much explains everything there is to know about this latest hardware-related bug. What’s worse is that Speculative Store Bypass also known as “Variant 4” is exploitable to steal sensitive information through JavaScript, hence the browser are target-able. Although not as serious as Meltdown or Spectre, the newest bug shouldn’t be underestimated just because it lacks a fancy name.

The performance degradation of the soon-to-be-available patch is estimated to be between 2% and 8%. That of course is added to the Meltdown and Spectre patches, provided you have installed them on your machine. The good news is that Meltdown and Spectre patches applied to browsers potentially make it really hard to exploit Speculative Store Bypass.

How about Rogue System Register Read (Variant 3a)?

Another vulnerability known as Rogue System Register Read was discovered alongside Variant 4. This vulnerability, known as Variant 3a, isn’t as dangerous as its bigger sister since it would require the attacker to have local access to the machine.

Stay up to date:

The advice, as always, is to keep software updated as much as possible. Patches for this new vulnerability aren’t yet available as of the time of writing this article, however you can find a list containing announcements and useful information regarding the vulnerability below.

Image courtesy of Red Hat

The following two tabs change content below.
The IT guy with a little boredom look in his eyes, fond of computers since forever he now works as a freelancer in the IT and shares his experiences through this blog.

You may also like...