Mozilla just disabled SharedArrayBuffer in Firefox because it could be used in the Meltdown/Spectre exploits. Also reduced resolution of http://performance.now () http://blog.mozilla.org/security/2018/ …
Timing attacks have been known for a while and were discussed. Timing attacks that use speculative execution in CPUs to read the cache of a discarded branch (possibly because it was an access violation) wasn't something we were thinking about.
-
-
ah, thanks for the clarification. Also in case you didn't see my follow up this wasn't meant to be a "omg they knew" type tweet, more a "hrm, if this is getting discussed by non sec-researchers then this kind of exploit has been widely understood and possibly used for a while"
-
I think it’s extremely likely this stuff has been already exploited.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.