Working Spectre exploits for Windows and Linux devices uncovered

Spectre and meldown
(Image credit: Graz University of Technology)

A security researcher has discovered several working Spectre exploits that were uploaded to the VirusTotal database last month. Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors

While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty, which prevents its blanket use. This means that there’s still a large number of systems that are vulnerable to the recently discovered exploits by security researcher Julien Voisin.

“Someone was silly enough to upload a working spectre (CVE-2017-5753) exploit for Linux (there is also a Windows one with symbols that I didn't look at) on VirusTotal last month,” wrote Voisin as he analysed both exploits in detail.

Working exploits

As per BleepingComputer’s reading of Voisin’s brief, it appears that on unpatched systems the exploits allow unprivileged users to read the contents of the file that stores user passwords in both Windows and Linux.

Voisin was able to successfully use the exploit on an unpatched machine running Fedora in his lab.

In an ensuing discussion, it is revealed that the exploits were part of a larger package whose name seemed to suggest that it was part of the Canvas penetration testing tool. Interestingly, as BleepingComputer notes, Canvas has advertised that it has working Spectre exploits for Windows and Linux for over three years now. 

At the time of Voisin’s original analyses both exploits had a nil detection rate. However, at the time of filing this report, twenty engines have been taught to flag the exploits. 

Spectre and Meltdown first raised concerns in 2018, when it was discovered in 2018 that all Intel CPUs produced in the last 20 years were vulnerable to the "catastrophic" Spectre and Meltdown vulnerabilities

These hardware flaws enabled normal user programs, such as database applications and JavaScript in web browsers, to identify some of the layout or contents of protected kernel memory areas of the vulnerable chips.

Via: BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.