Spectre is the CPU vulnerability that just keeps on giving. Revisions to CVE-2017-5753 and CVE-2018-3693 this week reveal that Spectre 1.1 and 1.2 have emerged from the shadows.
They are new variants of the original vulnerability and have been dubbed Spectre 1.1 and 1.2 as a result. Like most sequels, they aren’t quite as gripping as the original but nonetheless cannot be ignored.
In a nutshell, Spectre 1.1 can leverage speculative stores to create speculative buffer overflows, while Spectre 1.2 targets CPUs that lack proper read/write protection in order to breach sandboxes.
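To make the Spectre 1.1 case concrete, here is a bounds-checked store of the kind a speculative buffer overflow relies on, next to a version that masks the index without a branch. This is an added example, not code from the original article; `buf`, `BUF_LEN`, `store_checked`, `store_masked` and `index_mask` are names assumed for illustration, and index masking is one common mitigation that the article itself does not discuss.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_LEN 16UL            /* constructed size for this example */

static uint8_t buf[BUF_LEN];

/* Pattern at risk: the bounds check is a branch the CPU may predict.
 * If it is mispredicted, the store can execute speculatively with an
 * out-of-range idx before the check resolves. */
int store_checked(unsigned long idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        buf[idx] = val;
        return 0;
    }
    return -1;
}

/* All ones when idx < size, zero otherwise, computed without a branch.
 * Assumes size <= LONG_MAX and an arithmetic right shift on signed
 * values (the behaviour of GCC and Clang). */
unsigned long index_mask(unsigned long idx, unsigned long size)
{
    return (unsigned long)(~(long)(idx | (size - 1UL - idx))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hardened form: the mask is data-dependent on idx, so even on a
 * mispredicted path the store address is clamped to element 0. */
int store_masked(unsigned long idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        idx &= index_mask(idx, BUF_LEN);
        buf[idx] = val;
        return 0;
    }
    return -1;
}

int main(void)
{
    printf("mask(15)=%lx mask(16)=%lx\n",
           index_mask(15, BUF_LEN), index_mask(16, BUF_LEN));
    printf("in range: %d, out of range: %d\n",
           store_masked(3, 0xAA), store_masked(16, 0xBB));
    return 0;
}
```

Architecturally the two functions behave the same; the difference only matters on a mispredicted path. An optimizing compiler may rewrite plain C masking, so production code pairs it with compiler or architecture-specific barriers.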