Skip to main content

New ‘Prime’ Meltdown, Spectre exploits outlined by Nvidia, Princeton University

Just one month after researchers exposed methods to extract sensitive data from a device’s memory through all modern processors, another research paper arrives to illustrate how the processor design flaw can be used in other attacks. The paper, dubbing the new exploits MeltdownPrime and SpectrePrime, derives from three researchers who work at at Princeton University and graphics chip manufacturer Nvidia. 

As reported last month, all processors dating back to at least 2011 have a flaw in the way they’re designed. Part of a processor’s speed comes from its ability to predict where the current list of instructions will go — they have “branch prediction units” that take an educated guess about what command will come next. To make these predictions, processors toss data back and forth from two memory sets: local on-chip memory called cache for fast access, and the PC’s system memory. This data isn’t secured, and that’s where the original Meltdown and Spectre attacks come in. 

Recommended Videos

The Meltdown approach applies to Intel and Apple processors. A hacker can create a malicious program to access that raw information, which could include usernames, passwords, credit card numbers, and so on. It taps into the privileged information typically only accessible by the root of an operating system, otherwise known as the kernel. 

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

Meanwhile, Spectre applies to Intel, AMD, and all mobile chips based on ARM’s processor design, including Apple. Here hackers can create a program to trick the processor into executing instructions not built into legitimate programs and apps installed on the PC. In other words, your favorite apps and programs could be tricked into coughing up your sensitive data. 

Both methods are merely proof-of-concepts reported by Google Project Zero, and researchers from Cerberus Technology and various universities. Both are called side-channel attacks as they don’t target specific software, such as Adobe Flash. 

The new MeltdownPrime and SpectrePrime exploits rely on an attack called Prime+Probe that takes advantage of processor “cache invalidations,” which is a method of replacing or removing entries in the CPU’s cache. Whereas Meltdown and Spectre simply “pollute” this cache during the CPU’s path prediction (aka speculative execution), the new exploits take a different approach. 

“MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol,” the paper states. A coherence protocol means that the PC is keeping all data stored in cache and memory consistent. But that protocol may “invalidate cache lines in sharer cores as a result of a speculative write access request even if the operation is eventually squashed.” 

The researchers validated their findings using a MacBook packing an Intel Core i7 processor, and MacOS Sierra v10.12.6. They ran the exploit 100 times on the machine, with a 99.95-percent success rate for SpectrePrime versus the 97.9-percent rate seen with the vanilla Spectre exploit. 

“We believe that any software techniques that mitigate Meltdown and Spectre will also be sufficient to mitigate MeltdownPrime and SpectrePrime. On the other hand, we believe that microarchitectural mitigation of our Prime variants will require new considerations,” the paper states. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Hurry! The M4 MacBook Pro just got an unheard of discount
Someone using a MacBook Pro at a desk.

The 2024 MacBook Pro with M4 chip hasn't even been out for a month, but it already has its first major discount. Amazon just knocked $200 off the 14-inch configuration, dropping the price to $1,399 from $1,599. While a $200 discount on a MacBook isn't world-shattering, the fact that this laptop is so new makes this an unheard of deal. Let's dive into some other noteworthy aspects of this sale.

Why you should buy the MacBook Pro M4
This specific configuration of the M4 Pro has a 10-core CPU, 10-core GPU, 16GB of RAM and 512GB of SSD storage. The 16GB of RAM is particularly noteworthy, as it's the new standard for Apple. That makes this a better deal than some of the M3 models with 8GB of RAM. This model of course comes with Apple's signature Liquid Retina XDR display on its 14.2-inch screen, and it's ready for Apple Intelligence.

Read more
Google may finally bring back the Pixelbook, but not how you think
google pixelbook i7 price cut amazon

One of Google’s upcoming big projects could be a high-end laptop slated to be the next rival of the MacBook Pro.

An internal email obtained by Android Headlines detailed that Google has greenlit a project for a device codenamed “Snowy.” The email suggests the device is a laptop with premium specifications similar to the Dell XPS, Microsoft Surface Laptop, the Samsung Galaxy Chromebook, and the brand’s largest competitor, Apple’s MacBook Pro. With the project past the concept phase, it would likely be quickly expanded into a viable product under the Pixel line.

Read more
Best early Black Friday deals under $100: Amazon Echo, TVs, headphones and more
The Amazon Echo Pop on a desk.

Update 11/19/24: Black Friday is still over a week away, but you can already start your shopping with the Black Friday deals under $100 that we've gathered here. There's a possibility that these affordable items get even bigger discounts when the sale officially launches, but we won't blame you if you're already tempted by today's prices.

Black Friday will start on November 29, but if you've already got the itch to shop, check out the early Black Friday deals under $100 that we've gathered here. The offers cover smart home devices, laptops, TVs, kitchen gadgets, and so much more, so if you want to start enjoying discounts without blowing your entire budget for the shopping event, take a look at our favorite bargains below.

Read more