Intel and Microsoft today disclosed the latest variant of the Spectre and Meltdown security flaws that were originally revealed in January. Intel is referring to this one as ai???Variant 4,ai??? and it uses some of the same security vulnerabilities as the initial discoveryai??i??
As reported by CNET, Intel is classifying the new variant as a ai???medium riskai??? vulnerability because ai???manyai??? of the exploits that it would take advantage of were fixed by browsers during the initial set of patches.
Variant 4, like its predecessor, takes advantage fo the speculative features of a CPU and thus allows hackers to access sensitive information. The company writes in a blog post:
Nevertheless, Intel says it has delivered microcode updates to manufacturers and expects a rollout to commence over the coming weeks.
Weai??i??ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.
As far as performance goes, Intel says it doesnai??i??t expect the patch to affect performance, and suspects that most OEMs will leave the mitigation turned off in an effort to ensure performance remains the same. Though, the company does note that it has observed a ai???performance impact of approximately 2 to 8 percentai??? when enabled.
The original Spectre and Meltdown flaws were first discovered in January, with Apple saying that ai???all Mac and iOS devicesai??i?? were affected by the flaw.