RIDL and Fallout: MDS attacks

After the spectacle of Spectre and Meltdown last year, we now have more vulnerabilities that attacks the CPU to leak confidential data. The new vulnerabilities are called RIDL and Fallout – not quite as catchy as Spectre and Meltdown – and it belongs to a class of attacks called MDS (Microarchitectural Data Sampling) attacks.

There are exploit demos that show the attacker retrieving the contents of hashed passwords in /etc/shadow, which he/she can crack offline after that. Another demo shows an attack being carried out using Javascript/WebAssembly. Essentially this means that if you visit a web page that contains attack code it can read information from other processes it is not meant to.

Our attacks can leak confidential data across arbitrary security boundaries in real-world settings (cloud, browsers, etc.).

Source: RIDL and Fallout: MDS attacks