On March 1, 2021, security researcher Julien Voisin documented his findings on two samples uploaded to VirusTotal that appear to exploit the hardware vulnerability CVE-2017-5753, also known as Spectre. In early 2018, Google’s Project Zero documented two vulnerabilities that exposed weaknesses in the speculative execution features found in Intel, AMD, and ARM processors. Based on the information found in VirusTotal, these samples appear to be exploits featured in Immunity’s Canvas penetration testing framework.
While the inclusion of exploits for years-old vulnerabilities in legitimate red team operational tools comes as no surprise, the leaking of this tool will pose some problems. If researchers have access to this exploit, adversaries will likely have access to it as well. While many systems should have received automatic firmware upgrades through operating system updates, administrators should seek out any older systems (2015 or older) without the patch and take action to remediate quickly.
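One way to find the unpatched systems mentioned above on Linux is to read the kernel's own report for this CVE from `/sys/devices/system/cpu/vulnerabilities/spectre_v1` on each host and triage the results centrally. The script below is an added example, not part of the original write-up; the `host|status` inventory format, the host names and the function names are assumptions made for illustration, and the sample inventory is constructed.

```shell
#!/bin/sh
# Triage kernel-reported Spectre v1 (CVE-2017-5753) status across Linux hosts.
# On each host the status line comes from:
#   cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
# How the lines are collected (SSH, config management) is out of scope here.

# classify_status STATUS_LINE
# Maps one status line to PATCHED, NOT_AFFECTED, VULNERABLE, NO_REPORT or UNKNOWN.
# An empty line means the file was missing: the kernel predates the
# reporting interface, which is itself a sign of a long-unpatched system.
classify_status() {
    case "$1" in
        "")              echo NO_REPORT ;;
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo PATCHED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# needs_action
# Reads "host|status" lines on stdin (assumed inventory format) and prints
# every host that is not clearly patched or unaffected.
needs_action() {
    while IFS='|' read -r host status; do
        case "$(classify_status "$status")" in
            PATCHED|NOT_AFFECTED) ;;
            *) echo "$host" ;;
        esac
    done
}

# Constructed sample inventory; host names are hypothetical.
sample_inventory() {
    cat <<'EOF'
web-01|Mitigation: usercopy/swapgs barriers and __user pointer sanitization
db-legacy-01|Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
build-old-02|
arm-edge-03|Not affected
EOF
}

# Stand-alone run: list the hosts that need follow-up.
sample_inventory | needs_action
```

The sysfs value reflects only what the running kernel reports about itself, so hosts flagged here still need their pending operating system and firmware updates checked through the usual patch tooling.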