The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites.
[...] RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS (Microarchitectural Data Sampling) vulnerabilities to mount practical attacks and leak sensitive data in real-world settings.
[....] Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer.
(Score: 3, Insightful) by RamiK on Wednesday May 15 2019, @11:34AM (1 child)
That we know. With so many parties finding out about these independently, it's not unreasonable to assume governments and black-hats been exploiting them for years.
compiling...
(Score: 2) by RamiK on Wednesday May 15 2019, @11:36AM
Almost forgot:
Winning.
compiling...