Security advisories

Spectre Variants 1.1 & 1.2

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

Two new variants of the Spectre side channel attack have been discovered, neither of which are mitigated by previous Spectre security patches. eSentire Threat Intelligence assesses with medium confidence that, if weaponized, these vulnerabilities would represent a significant threat to clients. A successful attack using Spectre variant 1.1 may result in the theft of sensitive information such as usernames and passwords. The successful use of variant 1.2 could allow an attacker to overwrite ‘read-only’ data, effectively escaping a sandbox environment. In order for exploitation to occur, Spectre v 1.1 and v 1.2 require malicious code to already be on the system. The complexity and requirement of the previous infection make the weaponization of these vulnerabilities unlikely in the near future.

What we’re doing about it

What you should do about it

Additional information


References:

[1] Speculative Buffer Overflows: Attacks and Defenses
https://people.csail.mit.edu/vlk/spectre11.pdf

View Most Recent Advisories