What We Do
How We Do
Resources
Company
Partners
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Get Started
Security advisories

Spectre Variants 1.1 & 1.2

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

Two new variants of the Spectre side channel attack have been discovered, neither of which are mitigated by previous Spectre security patches. eSentire Threat Intelligence assesses with medium confidence that, if weaponized, these vulnerabilities would represent a significant threat to clients. A successful attack using Spectre variant 1.1 may result in the theft of sensitive information such as usernames and passwords. The successful use of variant 1.2 could allow an attacker to overwrite ‘read-only’ data, effectively escaping a sandbox environment. In order for exploitation to occur, Spectre v 1.1 and v 1.2 require malicious code to already be on the system. The complexity and requirement of the previous infection make the weaponization of these vulnerabilities unlikely in the near future.

What we’re doing about it

What you should do about it

Additional information


References:

[1] Speculative Buffer Overflows: Attacks and Defenses
https://people.csail.mit.edu/vlk/spectre11.pdf

View Most Recent Advisories