Attackers can use CPU hardware bug for data

Multiple vulnerabilities found in CPUs could put you at risk.

Threat: Two vulnerabilities have been found in CPU hardware that utilizes speculative execution.

Damage risk: The vulnerabilities, named Variant 3a and Variant 4, would allow bad actors with local user access to control future speculative execution. The vulnerabilities also make it possible for attackers to read arbitrary privileged data using less privileged code with timing side-channel analysis.

Exploited flaw: The flaw causes allocations in the cache, which allows a sequence of speculative loads to be used for the timing side-channel attacks.

Fixes/Workarounds: Update system software as soon as possible if affected, and update to the latest version of any web browser in use.

Info: tinyurl.com/CPU489