Comment by mike_hearn
2 days ago
Spectre doesn't work across process boundaries, so I don't think they are. You can't Spectre your way into a banking app on an iPhone. Or if you can I'd like to see it in action.
2 days ago
I don’t think "Spectre doesn’t work across process boundaries" is correct as stated; cross-process and cross-security-domain Spectre attacks have been demonstrated. But I agree that "a malicious app can trivially Spectre its way into an arbitrary banking app on a patched iPhone" is a much stronger claim, and I’m not aware of a public demonstration of that exact attack. My point is only that process isolation alone is not, in principle, a complete answer to Spectre-class attacks.
The only similar bug I'm aware of was Meltdown, an Intel-only bug that was immediately patched with a microcode update. But Meltdown was a different bug to Spectre. Spectre is a class of attacks that's hard to solve by design; Meltdown was a specific bug that was easy to solve.