Spectre, a security flaw in processors, is a hardware-level defect which puts user data in risk as it lets hackers easily read user activity. It was first discovered in Intel processors and later in new AMD processors too, which means millions of devices, since the past two decades, have had this vulnerability.
Intel has released several software patches for people with ‘older’ processors as a workaround to the vulnerability, however, these patches significantly reduced the processors’ performance. Though the company had somewhat contained the earlier defect, a new Spectre variant, called Variant 4, has been found by Intel and Microsoft.
This time, the defect makes the same areas of data vulnerable, however, extracts this data in a different manner as compared to the previous flaw discovered in January, says Intel in a blog post. The company has released patches for the Variant 4, but these fixes will also cause performance hits.
Intel says that the Variant 4 exploit is “medium risk” in comparison because the company has already minimized the problem in the early patches. Additionally, this flaw uses a “Speculative Store Bypass”, which can cause a processor to send and store data in less-secure places. According to US-CERT’s advisory, this could allow attackers to access older instants of data.
The company says that there has not been any breach by exploiting Variant 4 for now, it has launched a complete fix for this flaw which has already been made available to vendors and other manufacturers that use Intel chips.
2-8% Performance Drop
Leslie Culbertson, Intel’s executive VP of security said that the company’s test computers took a performance hit of between 2-8% after getting patched for Variant 4. It’s entirely up to the manufacturers to use it, Intel says, the patch will be disabled by default and third-parties can enable it if they want to.
The reason this is important is because Intel has been a go-to processor supplier since more than two decades. Most of the world’s computers run the company’s processors, even high-profile governmental institutions rely on them and have been carrying out sensitive tasks on computers running Intel processors over the years.
These defects are hardware-level, meaning the processors were built with this design flaw, which is why Intel, among other companies including AMD, have found themselves under fire.
Microsoft’s security advisory details how attackers could use this exploit in web browsers, you can check out their findings here.