Fresh Exploits for Meltdown and Spectre Vulnerabilities Discovered

Last updated September 23, 2021
Written by:
Gabriela Vatu
Gabriela Vatu
Streaming Writer

Because things seemed to have settled some with the Meltdown and Spectre CPU security vulnerabilities that were revealed last month, it seems that's not in our cards - researchers have managed to come up with further exploits beyond those presented in the early proof-of-concept paper.

The latest exploits were prepped by security researchers from Princeton University and chip designer Nvidia and their findings were published in a paper called "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols." In short, they found new ways to conduct side-channel timing attacks by leveraging the two vulnerabilities, The Register reports.

That boils down to malware extracting sensitive information like passwords from vulnerable computer's memory.

Now, there's good news and bad news. The good news is that those software updates that companies are rolling out in the hopes of mitigating the impact of the two CPU vulnerabilities may stop these new exploits. The bad news is that the changes Intel and other CPU makers are working on at a hardware level may not be enough to fight off the attacks. According to the researchers, the exploits attack flaws that are embedded into modern chip architecture and will be difficult to overcome.

The researchers have not released the exploit codes they cooked up so that they could protect everyone.

Fresh Exploits for Meltdown and Spectre Vulnerabilities Discovered

The problem continues to be the fact that aside from Intel, Apple and AMD have been pretty hush about how the two vulnerabilities affect their CPUs, as well as how their performance may be impacted by the announced patches.

Hopefully, CPU makers will manage to find a way to resolve the hardware design issues that allowed the two vulnerabilities in the first place. Until then, Intel, for instance, has expanded its bug bounty program to offer hefty prizes to researchers who discovered flaws related to Meltdown and Spectre. That's always a good idea, of course, since even blackhats may put on a white hat in order to earn some hard cash while also doing the world a favor.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: