'"Scientists from the University of California, Riverside (UCR) have published details last week about a new Spectre-class attack that they call SpectreRSB," reports Bleeping Computer. "Just like all 'Spectre-class' attacks, SpectreRSB takes advantage of the process of speculative execution -- a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. The difference from previous Spectre-like attacks is that SpectreRSB recovers data from the speculative execution process by attacking a different CPU component involved in this 'speculation' routine, namely the Return Stack Buffer (RSB)." In a research paper, academics say they've used SpectreRSB attacks to recover data belonging to other processes, and have even tricked the RSB into spilling SGX secrets. The attack works on Intel, AMD, and ARM processors, known to use RSB. The attack can also bypass all the mitigations put in place for the original Spectre/Meltdown flaws.' -- source: https://it.slashdot.org/story/18/07/23/2143259 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/