Latest in Gear

Image credit: Reuters/Dado Ruvic

Intel details fourth Spectre-style CPU security flaw

There are fixes on the way, but it's still a headache.
341 Shares
Share
Tweet
Share
Save

Sponsored Links

Reuters/Dado Ruvic

Intel said it was expanding its bug bounty program to help find more Spectre-like processor security flaws, and unfortunately it just found one. The company (along with Google and Microsoft) has disclosed a fourth exploit (simply titled Variant 4) that once again uses speculative execution to expose some data through a side channel. The attack is so far known to work in a "language-based runtime environment" like the sort you'd see in a web browser (say, JavaScript), although Intel hadn't seen evidence of successful browser-based exploits.

Like earlier vulnerabilities, the new issue affects most modern chip architectures, including many of Intel's CPUs from the past few years.

The good news: many of the same patches for earlier Spectre and Meltdown variants should mitigate against Variant 4. There is the potential for new exploits, however, so Intel and partners (including PC makers and operating system vendors) are releasing BIOS and software fixes in the "coming weeks." The solution is turned off by default, though -- Intel estimates a roughly 2 to 8 percent performance hit in benchmarks, and it's clearly not eager to impose that penalty on users unless there's evidence of an exploit in the wild.

There won't be a permanent solution (complete immunity to the flaws, rather than mitigation) for Spectre-like exploits until Intel and its competitors release updated chips. As such, it won't be alarming if it turns out there are more disclosures like this. The industry hasn't really had such universal hardware-related flaws before, and it's not clear where they end.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
341 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
A fourth 'Matrix' movie is happening

A fourth 'Matrix' movie is happening

View
NASA confirms mission to Jupiter's moon Europa

NASA confirms mission to Jupiter's moon Europa

View
Ford will reportedly make two more electric SUVs by 2023

Ford will reportedly make two more electric SUVs by 2023

View
The dream of flying taxis may not be too far off

The dream of flying taxis may not be too far off

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr