Intel Discovers New Spectre Flaw, Patch May Hit Devices
Intel has discovered a new variant of Spectre and Meltdown security flaws, in its own and third-party processors. The news marks the second time Intel has addressed Spectre and Meltdown flaws, and consensus is, it won’t be the last.
The affected chips are used in hundreds of millions of computers and mobile devices – the relevant patch could reportedly impact performance by 2 – 8%.
In a blog post by Intel Product Assurance & Security Executive Vice President and General Manager, Leslie Culberton, the new ‘Variant 4’ has the potential to expose sensitive data through web browsers.
Using “Speculative Store Bypass”, the medium-risk ‘Variant 4’ may allow a processor to load sensitive data to insecure spaces.
Culberton claims the new security flaw is addressed by a Meltdown update issued early this year, for most browsers including Google Chrome.
As added insurance, Intel plans to release a microcode update, which has reportedly already been accepted by several manufacturers and software vendors.
If enabled, the patch could reportedly hit performance by 2 – 8%.
By default, the fix will be turned off, thereby leaving vendors to decide if they’ll enable it.
“Research into side-channel security methods will continue and likewise, we will continue to collaborate with industry partners to provide customers the protections they need,” asserts Culberton.
“Indeed, we are confident that we will be able to develop mitigations for Intel products for any future side-channel issues.”
The patch will also reportedly address previous vulnerability ‘Variant 3A’.