Researchers receive Intel reward for new Spectre vulnerability
Intel has paid two researchers $100,000 for finding a new Spectre-style leak. The researchers believe the vulnerability can be fixed with hardware changes, but also that existing Spectre mitigations make it harder to abuse.
The researchers, Vladimir Kiriansky of MIT and independent consultant Carl Waldspurger, describe their findings in a recent paper. In it they focus on a variant they call Spectre 1.1, also designated CVE-2018-3693 or "bounds check bypass on stores". They also introduce a Spectre 1.2, but give few details about it. Intel rates the severity of Spectre 1.1 as "high" and says that, like the earlier variants, it allows sensitive information to be read once an attacker already has access to a system. The company paid out the $100,000 to Kiriansky through HackerOne.
The paper also refers to the technique as "speculative buffer overflows". The authors write: "As with classic buffer overflows, speculative out-of-bounds stores can modify data and pointers." They argue that measures against classic overflows can also help protect against the speculative variants: the bounds check is architecturally correct, but a mispredicted check lets the store execute speculatively with an attacker-chosen index before the CPU discards the result.
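The gadget shape described above and one practical hardening for it, as an added example in C that is not code from the paper or from any vendor. The `struct victim` layout, the function names and the `BUF_LEN` constant are constructed for illustration; the branchless mask follows the style of the Linux kernel's `array_index_mask_nospec()` but is written here independently. The code cannot trigger or measure real misspeculation (that is invisible architecturally and only observable through side channels), so `speculative_target()` models the mispredicted path by assuming the branch was taken, which is enough to show where an unhardened store would land and why masking the index before the store neutralises it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_LEN 16

/* Constructed victim layout (hypothetical, not from the paper): a bounded
 * buffer followed by a function pointer, the kind of neighbour a speculative
 * out-of-bounds store can clobber before the mispredicted bounds check is
 * rolled back. */
struct victim {
    uint8_t buf[BUF_LEN];
    void (*handler)(void);
};

/* Spectre 1.1 gadget shape: the check is architecturally correct, but if the
 * CPU mispredicts `idx < BUF_LEN` the store runs speculatively with an
 * attacker-chosen idx, e.g. offsetof(struct victim, handler). */
void store_unhardened(struct victim *v, size_t idx, uint8_t byte)
{
    if (idx < BUF_LEN)
        v->buf[idx] = byte;
}

/* Branchless bounds mask: all ones when idx < len, zero otherwise, computed
 * with plain arithmetic the branch predictor cannot speculate around.
 * Requires 1 <= len <= SIZE_MAX / 2 + 1. */
size_t index_mask_nospec(size_t idx, size_t len)
{
    /* The top bit of (idx | (len - 1 - idx)) is set exactly when idx >= len:
     * either idx itself is huge, or len - 1 - idx wrapped around. */
    size_t top = (idx | (len - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1;   /* 1 -> 0, 0 -> SIZE_MAX (unsigned wrap) */
}

/* Hardened form: even on the mispredicted path the store can only reach
 * buf[0], because the mask is a data dependency of the address, not a branch. */
void store_hardened(struct victim *v, size_t idx, uint8_t byte)
{
    if (idx < BUF_LEN) {
        idx &= index_mask_nospec(idx, BUF_LEN);
        v->buf[idx] = byte;
    }
}

/* Models the mispredicted path (branch assumed taken) and returns the byte
 * offset inside struct victim that the store would hit. */
size_t speculative_target(size_t idx, int hardened)
{
    if (hardened)
        idx &= index_mask_nospec(idx, BUF_LEN);
    return offsetof(struct victim, buf) + idx;
}

/* 1 if a store on the modelled speculative path could touch the pointer. */
int spec_store_hits_handler(size_t idx, int hardened)
{
    size_t t = speculative_target(idx, hardened);
    return t >= offsetof(struct victim, handler) &&
           t < offsetof(struct victim, handler) + sizeof(void (*)(void));
}

/* Architecturally both versions behave the same: out-of-range stores are
 * rejected and in-range stores land where expected. Returns 1 on success. */
int architectural_ok(void)
{
    struct victim v = {{0}, NULL};
    store_unhardened(&v, 3, 0xAB);
    store_hardened(&v, 4, 0xCD);
    store_unhardened(&v, offsetof(struct victim, handler), 0xFF);
    store_hardened(&v, offsetof(struct victim, handler), 0xFF);
    return v.buf[3] == 0xAB && v.buf[4] == 0xCD &&
           v.buf[0] == 0 && v.handler == NULL;
}

int main(void)
{
    size_t idx = offsetof(struct victim, handler);   /* attacker-chosen */
    printf("architectural behaviour ok: %d\n", architectural_ok());
    printf("speculative store at idx=%zu reaches handler: unhardened=%d hardened=%d\n",
           idx, spec_store_hits_handler(idx, 0), spec_store_hits_handler(idx, 1));
    return 0;
}
```

The design point is the one the paper's "classic overflow" analogy makes: the defence does not rely on the branch at all. Mitigations that only protect speculative loads (masking the index of a read) leave the store gadget open, so the mask has to be applied to store indices as well, and it must be emitted as arithmetic, not as a conditional the compiler can turn back into a branch.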
Microsoft writes that it is investigating the new variant and that there is currently no indication that its software is affected. Arm has updated its page on Meltdown and Spectre and classifies the new variant under the first Spectre variant (bounds check bypass) published in January; as a result, several Cortex processors appear to be affected. AMD has not yet updated its own page on speculative execution, and Intel has released an updated whitepaper.
The original disclosure of this class of vulnerabilities described two Spectre variants and a further variant known as Meltdown. Revelations since then have brought the total number of variants to seven.