We have just received reports that a team of researchers discovered a new variation of the Spectre CPU bug known as the SplitSpectre CPU Vulnerability. It allows malicious users to hijack sensitive data vi the same speculative execution approach as the Spectre bugs.
The SplitSpectre Vulnerability is a Variation of the Spectre Bug
A team of researchers from Northeastern University and researchers from IBM have discovered a new variation of a speculative execution bug, the first of which was Spectre. The problem has been found to be within the way CPUs are designed. As with the prior Spectre variants the execution of processes is an optimization process which is designed to run the applications faster. This particular case has been found to be distinct from Spectre as it operates using a different attack scenario.
- Field Manipulation — While the users are entering in form data the information can interactively be changed without them noticing.
- Sensitive Data Theft — This speculative execution behavior can be used to successfully hijack sensitive information such as login information.