View Single Post
Old 02-22-2018, 7:02 PM
jdfthetech's Avatar
jdfthetech jdfthetech is offline
Join Date: Dec 2017
Location: Los Angeles
Posts: 190
iTrader: 0 / 0%

Actually spectre can result in privilege escalation through running unsigned code. The code you linked is only one small example of a vulnerable program.

The way spectre works is by exploiting the prediction checksums that are used to speed up processors. This is because Intel uses prediction algorithms to do multiple computations at once on all the cores and stores the answers in cache, if the answer to a problem is not used it's tossed out and those bits are used for the next round. Spectre can make a privilege check go from 0 to 1 so it potentially allows for privilege escalation.

This exploit is hard coded into the processor. The current 'fix' for this is to disable the vulnerable checksums which essentially slows the processor down by around 12-25% depending on the application. This slowdown is generally only felt when the processor is at full load.

The spectre attacks published were purposely not released with major vulnerabilities because script kiddies would just copy the code and start having a field day, much like the days of 'Back Orifice' when the network stack was exploited and MS hadn't fixed it.
while (bullets > 0 && target == 1){fire == 1;}
Reply With Quote