Skip to main content

First Spectre, now BranchScope — another vulnerability in Intel processors

Researchers from four universities discovered a new vulnerability in Intel’s processors dubbed as BranchScope. The problem resides in the method a processor uses to predict where its current computational task will end, aka speculative execution. By exploiting this flaw, hackers with access to the PC could pull data stored from memory that’s otherwise inaccessible to all applications and users. 

The speculative execution process enhances the CPU’s speed by enabling the chip to “speculate” what needs to be done later in the chain of commands to finish the overall task as quickly as possible. This feature explores options in advance, taking different avenues in various branches to get to the final destination in the shortest amount of time. With the path laid out, the CPU completes its task and moves on to the next. 

Recommended Videos

The BranchScope exploit enables attackers to take control of this “think ahead” decision-making component and steer the upcoming path in the wrong direction. Hackers can then grab sensitive data stored in memory not generally accessible by users and applications. The vulnerability is similar to Spectre Variant 2, only BranchScope targets the process that decides which branch the CPU will take next whereas Spectre Variant 2 resides in the cache component associated with branch prediction. 

“BranchScope works reliably and efficiently from user space across three generations of Intel processors in the presence of system noise, with an error rate of less than one percent,” the paper states. “BranchScope can be naturally extended to attack SGX (Software Guard Extensions) enclaves with even lower error rates than in traditional systems.” 

The researchers specifically tested BranchScope on three Intel processors: The sixth-generation Core i5-6200U chip, the fourth-generation Core i7-4800MQ chip, and the second-generation Core i7-2600 chip. As the paper suggests, hackers don’t need administrator privileges to execute the attack. Data can even be pulled from private regions of memory, aka enclaves, that’s locked away by the processor’s Software Guard Extensions. 

The researchers believe Intel’s updates addressing Meltdown and the two Spectre vulnerabilities won’t mitigate the security hole seen in the BranchScope discovery. The problem resides in a different part of speculative execution thus Intel will need to conjure up new software fixes for current chips, and a hardware fix for future processors. But Intel believes it’s current patches should address the BranchScope issue. 

“We have been working with these researchers and have determined the method they describe is similar to previously known side channel exploits,” the company states. “We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper.” 

According to Intel, one of the best ways to protect customers is to have a close relationship with the research community. But the company likely wasn’t quite so enthusiastic after researchers went public with the Meldown and Spectre vulnerabilities earlier this year. The company is likely bracing for additional criticism given BranchScope is now out in the open. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Cyber Week Alienware gaming laptop deals 2024: What’s still available
trashed 35 459 digital trends best cyber monday alienware deals 8663c7

Gaming laptop deals are always worth taking a look at during Cyber Week, as things like Cyber Monday Dell laptop deals and Cyber Monday gaming laptop deals pretty regularly make for some of the best Cyber Monday deals overall. Here, we’re looking specifically at what Alienware still has to offer now that Cyber Monday is over. The popular gaming brand has a lot to offer, in fact, with builds from almost every one of its laptop models currently discounted for Cyber Week. Read onward for all of the details, and don’t hesitate to make a purchase if you see something you like, as it’s not that likely that these deals get much better.
Best Cyber Week Sales

Amazon -
Best Buy -
Dell -

Read more
Cyber Monday Strategy: Should you save the full $466 on a complete Microsoft Surface Pro 11 for Cyber Monday?
Microsoft Surface Pro 11 front view in tablet mode.

A lot of Cyber Monday deals can give you a feeling of restriction. And by this, I mean there isn't a lot of room for the freedom to choose and build and tinker like there are at other times. "This is what you'll get, and you'll like it!" the world seems to say. And that's true of Cyber Monday Microsoft Surface deals, too (including the "you'll like it" part, they are pretty great deals and you will like them, go check them out!). But, if you go through Microsoft you can now get a Surface Pro 11 bundle with the works (including the critical keyboard and even a stylus pen) and get up to $466 in savings. It's one of the best ways to get the full Microsoft Surface Pro 11 experience out there. But how should you build your bundle? And is maxing out the savings really the best choice? Tap the button below to get started and we'll walk you through the five-step process in no time.

How to shop Microsoft's Surface Pro 11 Bundle offer
Microsoft's store lays this out as a five-step custom order, and there's no reason for us to do any differently:

Read more
Intel just stole a page from Nvidia’s DLSS playbook
hp omen transcend 32 review 13

Intel is giving its XeSS upscaling tech a huge makeover. The aptly-named XeSS 2 steals -- or borrows, if we're being generous -- a page from Nvidia's DLSS 3, which has been a staple feature of some of the best graphics cards you can buy. XeSS 2 comes packed with super resolution like the original version, but also frame generation and a latency-reducing feature called XeLL. And it's launching alongside the new B580 graphics card.

Point-for-point, XeSS 2 is basically identical to DLSS 3. The super resolution portion functions much in the same way as the original XeSS, providing you with various different quality settings to render your game at a lower resolution in order to improve performance. On the upscaling side, the major change is native support for DirectX 12 and Vulkan, which should open up XeSS to more games.

Read more