Latest in Gear

Image credit:

Intel details fourth Spectre-style CPU security flaw

There are fixes on the way, but it's still a headache.
Jon Fingas, @jonfingas
May 21, 2018
Share
Tweet
Share

Sponsored Links

Reuters/Dado Ruvic

Intel said it was expanding its bug bounty program to help find more Spectre-like processor security flaws, and unfortunately it just found one. The company (along with Google and Microsoft) has disclosed a fourth exploit (simply titled Variant 4) that once again uses speculative execution to expose some data through a side channel. The attack is so far known to work in a "language-based runtime environment" like the sort you'd see in a web browser (say, JavaScript), although Intel hadn't seen evidence of successful browser-based exploits.

Like earlier vulnerabilities, the new issue affects most modern chip architectures, including many of Intel's CPUs from the past few years.

The good news: many of the same patches for earlier Spectre and Meltdown variants should mitigate against Variant 4. There is the potential for new exploits, however, so Intel and partners (including PC makers and operating system vendors) are releasing BIOS and software fixes in the "coming weeks." The solution is turned off by default, though -- Intel estimates a roughly 2 to 8 percent performance hit in benchmarks, and it's clearly not eager to impose that penalty on users unless there's evidence of an exploit in the wild.

There won't be a permanent solution (complete immunity to the flaws, rather than mitigation) for Spectre-like exploits until Intel and its competitors release updated chips. As such, it won't be alarming if it turns out there are more disclosures like this. The industry hasn't really had such universal hardware-related flaws before, and it's not clear where they end.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Our readers get real about their issues with the AirPods Pro

Our readers get real about their issues with the AirPods Pro

View
20GB of Intel internal documents were leaked online

20GB of Intel internal documents were leaked online

View
Disney has no idea what it's doing with 'Mulan'

Disney has no idea what it's doing with 'Mulan'

View
Trump executive order seeks to ban TikTok, WeChat 'transactions' in 45 days

Trump executive order seeks to ban TikTok, WeChat 'transactions' in 45 days

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr