
S3 Ep145: Bugs With Impressive Names!
2023-07-27 18:47

The problem is there was no data authentication or verification stage.

The moral of the story is: Don't rely on data you can't verify.

The suffix "-bleed" is used for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can really control.

You just get pseudorandom data that leaks out of other people's programs.

It's basically a problem with vector processing, which is where Intel and AMD processors work not in their normal 64-bit mode, but where they can work on 256-bit chunks of data at a time.

They're actually 16-byte chunks of data *that came from somebody else's process*.


News URL

https://nakedsecurity.sophos.com/2023/07/27/s3-ep145-bugs-with-impressive-names/
