According to the different news sources that the US Worcester Institute of Technology researchers found another high-risk vulnerability in the Intel processor called Spoiler, similar to the previously discovered Spectre, Spoiler will leak the user’s private data.
While Spoiler also relies on predictive execution techniques, existing solutions that block Spectre vulnerabilities are powerless. Whether it is for Intel or its customers, the existence of Spoiler is not good news.
The research paper clearly states that “Spoiler is not a Spectre attack. The root cause of Spoiler is a flaw in the address prediction technology in Intel memory subsystem implementation. The existing Spectre patch is not valid for Spoiler.”
Like Spectre, Spoiler also enables malicious hackers to steal passwords, security keys and other critical data from memory. But it is important to point out that to use Spoiler to launch attacks, hackers need to be able to use the user’s computer – in many cases, hackers do not have such conditions or use other means to gain access to the user’s computer infected with malicious parts.
The researchers pointed out that, interestingly, they also studied ARM and AMD processors and found that they did not have a Spoiler vulnerability, which means that Intel uses proprietary memory management technology in the processor.
Further research found that Spoiler vulnerabilities existed in almost all modern Intel processors, regardless of the operating system. The researchers said, “This vulnerability can be exploited by limited instructions. Starting with the first generation of Core series processors, these instructions exist in all Intel processors and are independent of the operating system.”
Although the Spoiler vulnerability information has been made public, there are currently no software patches to block this vulnerability. There is no timeline for the release of software patches, and its impact on computer performance is not known.
Intel’s spokesperson stated, ” Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.“