Vulnerability Management, Malware

Patches for speculative Retbleed attacks released by vendors

SecurityWeek reports that software updates have been unveiled by numerous software vendors to remediate the new speculative execution attack dubbed "Retbleed" aimed at return trampolines implemented for Spectre side-channel attack mitigation. Both Intel and AMD, which were discovered to have processors impacted by Retbleed," have issued their respective patches, while Citrix has introduced hotfixes for Hypervisor systems running on AMD Zen 1 or Zen 2. On the other hand, VMware has noted that fixes have been available in ESXi versions 6.5, 6.7, and 7.0, as well as Cloud Foundation versions 3.x and 4.x. "A malicious actor with administrative access to a virtual machine can take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host," said VMware. Microsoft and Fedora also released updates to protect systems against the speculative attack. Meanwhile, Ubuntu and Red Hat are still working on their patches.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.