Intel details fourth Spectre-style CPU security flaw

0

Intel and Microsoft today disclosed the latest variant of the Spectre and Meltdown security flaws that were originally revealed in January. Intel is referring to this one as ai???Variant 4,ai??? and it uses some of the same security vulnerabilities as the initial discoveryai??i??

As reported by CNET, Intel is classifying the new variant as a ai???medium riskai??? vulnerability because ai???manyai??? of the exploits that it would take advantage of were fixed by browsers during the initial set of patches.

Variant 4, like its predecessor, takes advantage fo the speculative features of a CPU and thus allows hackers to access sensitive information. The company writes in a blog post:

Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. Ai??While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

Nevertheless, Intel says it has delivered microcode updates to manufacturers and expects a rollout to commence over the coming weeks.

Weai??i??ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.

As far as performance goes, Intel says it doesnai??i??t expect the patch to affect performance, and suspects that most OEMs will leave the mitigation turned off in an effort to ensure performance remains the same. Though, the company does note that it has observed a ai???performance impact of approximately 2 to 8 percentai??? when enabled.

The original Spectre and Meltdown flaws were first discovered in January, with Apple saying that ai???all Mac and iOS devicesai??i?? were affected by the flaw.

Share.

About Author

Grace Guo

Grace has been working for Nokia Beijing office for 5 years, so she has profound knowledge of phone hardware. Her job at Driversdown is smartphone hardware test and writing review articles of new released phones. In order to get more practical data, she might have a new smartphone very week or month. Contact Grace via grace@driversdown.com