Researchers at the University of Virginia and the University of California at San Diego have discovered new Specter vulnerabilities that are likely to affect all modern Intel and AMD processors with microprocessors.
The research team said: Hackers could steal data when the CPU fetched commands from its micro-process cache.
And given that all modern Intel (since 2011) and AMD (since 2017) processors use microprocessor caches, they are all vulnerable to a hypothetical attack.
The consequences of the widespread Specter vulnerability, which affected many processors and devices in 2018, are still being felt today.
According to the researchers, it is difficult to mitigate the effects of new versions of the vulnerability, despite the difficulty of implementing it.
And none of the existing Specter mitigations can protect against attacks that use the newer versions.
Before the information was released, researchers warned Intel and AMD of vulnerabilities that could allow hackers to steal data from the device.
But no small software updates or OS patches have yet been released from Intel and AMD, and they may remain that way, because the nature of potential attacks and their mitigations is complex and comes with a major caveat.
According to the information, the risk may be limited to direct attacks because exploiting micro-process cache vulnerabilities is extremely difficult.
In essence, malware must bypass all other software and hardware security measures that modern systems have and then carry out a very specific type of unconventional attack.
For Intel and AMD, one of the biggest concerns will be that performance will be affected by mitigation measures identified by the researchers.
The authors of the paper explain that this mitigation may come with a decline in performance that is much greater than the decline that occurred during previous attacks.
One way to mitigate is to clear the cache of microprocesses at field junctions, but given that modern CPUs need to clear iTLB in order to clear the cache of microprocesses, frequent cleaning of both leads to dire consequences for performance, as it cannot Processor has to make any progress forward until iTLB is refilled.
The second method is to partition the microprocess caches based on privileges, however, as the number of protection areas increases, this partitioning translates into a significant underuse of the microprocess cache, which removes many of its performance advantages.
It is still not known how easily these vulnerabilities can be exploited for modern Intel and AMD processors in the real world, so the risk may be limited to attacks from nation-states.
