New speculative execution micro op vulnerability PoC
Anyone know where we can get a Proof of Concept for the new vulnerability?
The 2018 one is here in C:
https://github.com/crozone/SpectrePoC
JavaScript:
https://github.com/google/security-research-pocs/tree/master/spectre.js and demo https://leaky.page
Press release from University: https://engineering.virginia.edu/news/2021/04/defenseless
Would be really interesting to see the technical details...
My suspicion is they pretend to jump to and execute the protected memory region to load it rather than doing indirect addressing. Which makes it surprising it took 3 years more to figure this out.