This Week in Security: Lingering Spectre, Deep Fakes, and CoreAudio

Two new attacks based on the Spectre processor vulnerability have been discovered by separate research teams.
The first, “Training Solo”, was devised by the team at VUSec and involves using CPU branch prediction technology to execute malicious processes in the kernel, thereby bypassing any domain isolation protections.
Another team, from ETH Zurich, found that Intel’s asynchronous branch prediction technology could be exploited via a race condition, enabling a user with low-level privileges to poison the branch prediction and subsequently launch a kernel-level attack.
Both attacks have been patched by Intel in its microcode.
In other security news, a blog has discussed the multiple security features of banknotes and how currency validators authenticate them, while the FBI has warned about the increasing use of deepfakes to scam individuals and businesses.
Microsoft’s AI search tool, Copilot, which has access to sensitive data held in SharePoint, has also come under scrutiny, with concerns being raised about its potential for covert data collection.

Fast Feed