Skip to main content

New ‘Prime’ Meltdown, Spectre exploits outlined by Nvidia, Princeton University

Just one month after researchers exposed methods to extract sensitive data from a device’s memory through all modern processors, another research paper arrives to illustrate how the processor design flaw can be used in other attacks. The paper, dubbing the new exploits MeltdownPrime and SpectrePrime, derives from three researchers who work at at Princeton University and graphics chip manufacturer Nvidia. 

As reported last month, all processors dating back to at least 2011 have a flaw in the way they’re designed. Part of a processor’s speed comes from its ability to predict where the current list of instructions will go — they have “branch prediction units” that take an educated guess about what command will come next. To make these predictions, processors toss data back and forth from two memory sets: local on-chip memory called cache for fast access, and the PC’s system memory. This data isn’t secured, and that’s where the original Meltdown and Spectre attacks come in. 

The Meltdown approach applies to Intel and Apple processors. A hacker can create a malicious program to access that raw information, which could include usernames, passwords, credit card numbers, and so on. It taps into the privileged information typically only accessible by the root of an operating system, otherwise known as the kernel. 

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

Meanwhile, Spectre applies to Intel, AMD, and all mobile chips based on ARM’s processor design, including Apple. Here hackers can create a program to trick the processor into executing instructions not built into legitimate programs and apps installed on the PC. In other words, your favorite apps and programs could be tricked into coughing up your sensitive data. 

Both methods are merely proof-of-concepts reported by Google Project Zero, and researchers from Cerberus Technology and various universities. Both are called side-channel attacks as they don’t target specific software, such as Adobe Flash. 

The new MeltdownPrime and SpectrePrime exploits rely on an attack called Prime+Probe that takes advantage of processor “cache invalidations,” which is a method of replacing or removing entries in the CPU’s cache. Whereas Meltdown and Spectre simply “pollute” this cache during the CPU’s path prediction (aka speculative execution), the new exploits take a different approach. 

“MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol,” the paper states. A coherence protocol means that the PC is keeping all data stored in cache and memory consistent. But that protocol may “invalidate cache lines in sharer cores as a result of a speculative write access request even if the operation is eventually squashed.” 

The researchers validated their findings using a MacBook packing an Intel Core i7 processor, and MacOS Sierra v10.12.6. They ran the exploit 100 times on the machine, with a 99.95-percent success rate for SpectrePrime versus the 97.9-percent rate seen with the vanilla Spectre exploit. 

“We believe that any software techniques that mitigate Meltdown and Spectre will also be sufficient to mitigate MeltdownPrime and SpectrePrime. On the other hand, we believe that microarchitectural mitigation of our Prime variants will require new considerations,” the paper states. 

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The 13 best cheap gaming laptop deals in March 2024
An Alienware m16 gaming laptop in use on a desk, playing Baldur's Gate III.

While there are a lot of great laptop deals taking place, gamers will need to look at laptops that can suit their more specific needs when planning to take on some of the best PC games. But not to worry, there are a lot of great gaming laptop deals out there right now that can ensure some savings on a new gaming setup. Brands like HP, Alienware, Acer, and Lenovo are all turning up with discounted models this month, and we’ve taken the liberty of rounding up what we feel are the best gaming laptop deals currently available. Read onward for more details on how to save, and on which gaming laptop might suit your gaming needs best.
HP Victus 15.6-inch gaming laptop -- $550, was $800

Ideally designed for someone looking for one of the best budget gaming laptops, the HP Victus 15.6-inch might mean you’ll need to tweak some detail levels with certain games but it’s a great starting point. It has an Intel Core i5 processor, 8GB of memory, and an Nvidia GeForce RTX 3050. There’s also 512GB of SSD storage so you’ll be able to install a few games at once without a problem. The 15.6-inch screen has a refresh rate of 144Hz so you won’t need to worry about motion blur while other useful features include HP Fast Charge support and speakers tuned by B&O. A backlit keyboard looks great while there’s an integrated numeric keypad.

Read more
Another excellent laptop challenges the MacBook Pro and falls short
The keyboard and trackpad of the MacBook Pro.

The MacBook Pro 16 remains undefeated as the best 16-inch laptop you can buy. From the incredible battery life to the impressive performance, the M3 Max MacBook Pro has become an unstoppable force.

Still, plenty of competitors have come along to potentially challenge it, and when I came across the updated HP Spectre x360 16, I wondered if it might make a worthy rival. As impressive as it is, though, it still doesn't have what it takes to dethrone the MacBook Pro.
Specs and configurations

Read more
How to install Windows on a Chromebook
The HP Dragonfly Pro Chromebook rear view showing lid and logo.

The Google Chromebook is an excellent alternative to traditional PC setups, but some users may miss the look and feel of a Windows machine. If you’re the proud owner of a Chromebook, and yearn for the Microsoft OS experience, you’re in luck. Using a few simple tools, a couple of installs, and some patience, it’s actually not too difficult to get Windows 11 or 10 onto a Chromebook.

Read more