Spectre ” Variant 4 ”: Here is the new bug of the Intel, AMD and ARM processors
Discovered a new vulnerability regarding Spectre: its name is Variante 4 and was outlined by Google and Microsoft in the Intel, AMD and ARM processors. Here’s what it is.
A new flaw, a new vulnerability was discovered in the Intel, AMD and ARM microprocessors. Let’s talk once again of Spectre even if this time to be discovered is a flaw called ” Variant 4 ” and concerns the side-channel attacks that affect the speculative execution of the CPU. The discovery comes from Google’s Project Zero and Microsoft’s Secure Response Center that have outlined the new flaw similar to other notes since early January.
In this case, Intel wanted to immediately reply to the news given by Microsoft and Google and wanted to declare with a statement through the voice of Leslie Culbertson, head of company security, what is the ” Variant 4 ” of Spectre. First of all, he reiterated the fact that no current exploits to have been reported at the moment, thanks to the position taken by the software houses of the various browsers on the market, there are important safeguards for possible attacks on consumers.
The operation of Variant 4 of Spectre basically does not see changes compared to that of the three previous vulnerabilities. Also in this case it is possible to read the data in areas of memory usually inaccessible to the software and that the flaw allows the use also in language-based runtime environments.
The Intel security executive then wanted to emphasize that the updates released by the various Chrome, Edge but also Firefox, Safari or others are also valid for this new ” variant 4 ” of Spectre. In fact though: ” in order to offer the option for total mitigation and to prevent this method being used in other ways, we and the industrial partners are offering additional mitigation for Variant 4, which is a combination of CPU microcode and updates software “.
This means that users will not have to do anything but install any security patches that will be released via Windows Update or even through the official channels of the various manufacturers. In this case, Intel tells how it has already delivered a Beta version of the microcode to OEMs and software houses in order to be able to implement the public version in the coming weeks.
Here the list of all the Intel processors involved, although substantially the news compared to the old versions do not seem to be from Intel. AMD has instead announced that mitigations will be operative on the interested processors on Bulldozer architecture. Furthermore, no AMD x86 product was exposed to the 3rd variant. Finally, for ARM, the architectures behind many smartphones have declared that only the Core Cortex-A57, A72, A72 and A75 are exposed to the new variant.
