While the chaotic Spectre vulnerability keeps coming back, another vulnerability has now come up to trouble users. Termed SplitSpectre, the recently discovered vulnerability could allow an attacker for speculative execution attacks.
SplitSpectre – Another Spectre Variant Discovered
After Foreshadow and other Spectre-like flaws, another Spectre variant has come to haunt users. This time, it is the SplitSpectre vulnerability that is even more dangerous.
The vulnerability could allow an attacker to target a victim’s system by exploiting the speculative execution function of microprocessors. The researchers from Northeastern University and IBM Research have published their findings in a detailed research paper.
As stated in their paper, SplitSpectre seems a Spectre v1 variant. The difference, however, lies in the way it executes. It requires a small chunk of vulnerable code on the victim’s machine, without requiring the attacker to have an own malicious code.