Researchers from ETH Zurich have found a new attack mechanism for Intel and AMD processors, including Kaby Lake, Coffee Lake, Zen 1, Zen 1+ and Zen 2. It is called Retbleed and works by speculatively running arbitrary code. This allows an attacker to steal passwords and sensitive data.
Speculative execution allows the processor to perform operations before it can determine whether they will be needed. This is called branching.
The vulnerability works as follows: if the processor finds that the branch prediction was not accurate, it rolls back the operation. In this case the data can still be read, because it remains in the buffer and cache.
This means that a virus exploiting Retbleed can launch a command that fails, while residual data stays in the cache. This cycle continues until the system crashes.
You will also have to sacrifice some system performance to get rid of the virus, because branch prediction is what makes modern CPUs so powerful.
Both companies stated that they were aware of the problem and promised to find a quick solution. Although no mass exploitation of the vulnerability has been reported yet, individual cases have been documented.