It hasn’t been a good 2018 for security and that trend continues with Intel, Google and Microsoft all disclosing a new variant of the already famous Spectre design flaw which impacts millions of computers, smartphones and tablets from just about every major computer manufacturer on the planet.
The new variant, dubbed Variant 4 or the “Speculative Store Bypass” for those who like to be all official like, is similar to Spectre in the fact it also takes advantage of the speculative execution feature that is built into modern CPUs.
It was misuse of this feature which allowed hackers to gain access to information as part of the initial Spectre problem and now Variant 4 has also been demonstrated by researchers.
CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Thankfully, the new vulnerability has been addressed via mitigations which were first put in place by software and OEMs back in January as part of the initial Meltdown and Spectre issue, although a full mitigation option is also on its way and is, in fact, already available in beta form.
Because of this Intel has labeled the vulnerability with a “moderate” severity rating.
From a user’s standpoint there is nothing to be done here. OEMs and software vendors will have already incorporated fixes as part of the Meltdown and Spectre fixes and any additional work will come via the additional mitigation being worked on by Intel. Expect to see new security updates for your systems in due course, although just like last time, the patch will take a hit on CPU performance of the device which is expected to be 8% this time around.
You may also like to check out:
Like this post on Facebook