Software vulnerability discovered by security researchers are generally followed by fixes provided by vendors and considered in after sales services. After each scare, they fix the problem and, at least for that moment, one can relax. However, Firmware news related to vulnerabilities is all together a different matter and worry, which is why, a Spectre finding is in news this month. A threat monitor, who once worked with Intel, has reported new findings on vulnerabilities. He now heads Eclypsium, a firmware-attack monitoring solutions provider.
Bloomberg was among a number of sites that reported that the previous chief threat analyst of Intel has discovered new vulnerabilities that develop on the Spectre bugs. These kinds of errors were disclosed by Yuriy Bulygin, a former leader of the advanced threat research team of Intel, who, now, is the CEO of Eclypsium. The study pointed out that it was possible for a hacker to carry out an exploit to have an access to the firmware of a computer.
“This variation of a Spectre- attack can easily recoups information from a protected System Management Mode (SMM) of a computer,” said Bleeping Computer. SMM is an operating mode of x86 CPUs. Catlin Cimpanu further stated that the attack can recoup information and data kept inside a protected CPU area. A group of operating system (OS) developers, named as OSDev.org, stated that the mode was “intended to be utilized by Firmware/BIOS to carry out low-level system management operations when an OS is in function. This novel variant of Spectre can reveal even those contents of memory that cannot be accessed by the OS kernel, in general, stated Liam Tung of ZDNet.