Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets

Yuriy Bulygin, the former head of Intel’s advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). Spectre and Meltdown vulnerabilities enable software attacks using CPU design flaws common to Intel, AMD, and Arm chips to access secrets stored in memory.

Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system’s firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware.

Read more about the new variant of Spectre that can expose the contents of memory that normally can’t be accessed by the OS kernel on ZDNet.