Two researchers at the University of Saarland in Germany published the paper “ret2spec: Speculative Execution Using Return Stack Buffers” (PDF), which revealed a new vulnerability in the Intel processor. The new flaw enables an “inverse spectre attack” that allowed an attacker to read data without authorization. The vulnerability is caused “by CPUs predicting a so-called return address for runtime optimization.”
If the attacker can manipulate this prediction, he will be able to control the predictive execution programming code and bypass the data that should be blocked. For example, a malicious web page can access and copy important data such as passwords.
The researchers said they notified the vendors in May that the 90-day confidentiality period had passed, so they now open the paper. The researchers said that ARM and AMD processors may also be affected by the vulnerability.