研究人員揭露CPU推測執行漏洞攻擊新手法Pathfinder,能用來洩露加密金鑰與資料
· 2024-05-10

4月底,國際計算機協會的活動發表一篇CPU漏洞攻擊手法的論文,分析CPU的動態分支預測器,存在可洩漏與竄改資料的漏洞

如此一來,可促成兩種類型的攻擊,一種是濫用讀取指令,針對受害者程式進行整個控制流程過往內容的復原,例如,可將處理JPEG圖像的程式庫libjpeg例行的整合控制流程擷取下來,而得以將原本應祕密存取的圖像還原出來;另一種是濫用寫入指令,而能發動高解析度的瞬間攻擊,例如,可運用金鑰還原的攻擊手法對抗AES加密保護。

關於這樣的問題,學者們在去年11月通報英特爾與AMD。

英特爾向他們表示已通知受此狀況影響的硬體與軟體供應商,並於今年4月26日發布資安公告,說明該篇研究描述的狀況是建立在Spectre v1漏洞的基礎之上,他們認為並未出現新的安全顧慮,因此不打算發布新的CVE編號與處理指引。

AMD預告將在資安公告AMD-SB-7016說明,而在4月26日他們發布相關公告,可能是因為與學者的溝通出差錯,或是臨時變更,發出的資安公告編號卻是AMD-SB-7015,他們在此否認自家產品具有如該篇論文描述的漏洞濫用問題。

Popular articles
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
Kazakhstan plans to penalise online casino promotions
Regulation
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Indiana online casino bill stalls in House committee
Regulation
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
PropellerAds Positions Itself as a Go-To Traffic Source for iGaming Advertisers Ahead of a High-Demand Season
Marketing
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
Zenith partners with HUIDU for 2026 World Cup Carnival Official Tour
Online Game
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
Home
Game
Cooperation
Find
My