Latest in Gear

Image credit:

Intel details fourth Spectre-style CPU security flaw

There are fixes on the way, but it's still a headache.
Jon Fingas, @jonfingas
May 21, 2018
Share
Tweet
Share

Sponsored Links

Reuters/Dado Ruvic

Intel said it was expanding its bug bounty program to help find more Spectre-like processor security flaws, and unfortunately it just found one. The company (along with Google and Microsoft) has disclosed a fourth exploit (simply titled Variant 4) that once again uses speculative execution to expose some data through a side channel. The attack is so far known to work in a "language-based runtime environment" like the sort you'd see in a web browser (say, JavaScript), although Intel hadn't seen evidence of successful browser-based exploits.

Like earlier vulnerabilities, the new issue affects most modern chip architectures, including many of Intel's CPUs from the past few years.

The good news: many of the same patches for earlier Spectre and Meltdown variants should mitigate against Variant 4. There is the potential for new exploits, however, so Intel and partners (including PC makers and operating system vendors) are releasing BIOS and software fixes in the "coming weeks." The solution is turned off by default, though -- Intel estimates a roughly 2 to 8 percent performance hit in benchmarks, and it's clearly not eager to impose that penalty on users unless there's evidence of an exploit in the wild.

There won't be a permanent solution (complete immunity to the flaws, rather than mitigation) for Spectre-like exploits until Intel and its competitors release updated chips. As such, it won't be alarming if it turns out there are more disclosures like this. The industry hasn't really had such universal hardware-related flaws before, and it's not clear where they end.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Spotify Wrapped chronicles your 2020 listening habits in a stories-style format

Spotify Wrapped chronicles your 2020 listening habits in a stories-style format

View
Spotify Wrapped showcases your top tracks of 2019 and the past decade

Spotify Wrapped showcases your top tracks of 2019 and the past decade

View
Watch the trailer for Studio Ghibli's first fully CG movie

Watch the trailer for Studio Ghibli's first fully CG movie

View
The Arecibo Observatory's telescope has collapsed

The Arecibo Observatory's telescope has collapsed

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr