Researchers at the Worceseter Polytechnic Institute, Masschusetts, USA and the University of Lübeck, Germany warn of a new speculative execution security flaw present in modern Intel Core processors.
Dubbed "SPOILER" (or "Speculative Load Hazards Boost Rowhammer and Cache Attacks"), the flaw potentially allows attackers to extract passwords, keys and other data from memory using malicious JavaScript in a web browser. As such it is reminiscent of the Spectre vulnerabilities discovered earlier last year, although the researchers say the SPOILER flaw comes from a different hardware unit, the Memory Order Buffer.
Read more...