Intel has paid a $100,000 bounty for processor vulnerabilities related to Spectre variant one. The new variants, discovered by security researchers Vladimir Kiriansky and Carl Waldspurger, are dubbed Spectre 1.1 and Spectre 1.2, with the former considered the more dangerous of the two. However, the full impact of the vulnerabilities is currently unknown, and companies are scrambling to test them against their systems. The researchers were awarded the $100,000 bounty for their findings through Intel’s bug bounty platform.


Spectre 1.1 & 1.2

Two new Spectre variants were discovered by security researchers Vladimir Kiriansky and Carl Waldspurger. Dubbed Spectre 1.1 (tracked as CVE-2018-3693) and Spectre 1.2, they are related to variant one of the Spectre vulnerability. These vulnerabilities come nearly a month after Google and Microsoft researchers revealed a new Spectre variant affecting millions of devices.

The findings of Kiriansky and Waldspurger have been released publicly in a research paper titled “Speculative Buffer Overflows: Attacks and Defenses”. The paper describes the two variants as follows:

“We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows … We also present Spectre 1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes.”

What’s the impact?

Several large companies, including Microsoft, Red Hat and Oracle, are now investigating whether the new Spectre variants have any impact on their products. Thankfully, the same conditions need to be met for an attack to succeed: an attacker needs the privileges to install and execute malicious code on the system. This means that widespread attacks are less likely.

Finally, Kiriansky and Waldspurger were rewarded for their findings with $100,000. The sum was revealed on Intel’s bug bounty platform, which is supplied by HackerOne.