Google, Microsoft find another Spectre, Meltdown flaw

May 22, 2018

Intel and Microsoft on May 21 disclosed a newly found variant of the Spectre and Meltdown security flaws, revealing another vulnerability in chips used in hundreds of millions of computers and mobile devices.

Intel is calling the new strain “Variant 4.” While this latest variant taps into many of the same security vulnerabilities that were first revealed in January, it uses a different method to extract sensitive information, according to the company.

Spectre and Meltdown have continued to haunt companies like Intel, Arm, and AMD, which have produced chips with the flaws for everything from computers and laptops to mobile devices. The vulnerabilities, which could allow attackers to read sensitive information on your CPU, affected hundreds of millions of chips from the last two decades. While companies like Intel, Apple, and Microsoft have issued updates to patch the flaws, the fixes haven’t always worked as intended, sometimes causing computer problems.

Hackers often scour online for vulnerabilities that’ll allow them to carry out attacks. The WannaCry ransomware attack, for example, took advantage of Windows computers whose owners never implemented a Microsoft patch.

But even after Intel and other companies fixed the first strain, researchers expected new variations of the original vulnerability to pop up. In January, Arm CEO Simon Segars predicted that a flaw like Spectre would most likely happen again. Monday’s advisory is the latest example of companies facing the ongoing security issue.

Intel is classifying Variant 4 as a medium risk because many of the exploits it uses in web browsers were fixed in the original set of patches, according to a blog post from the company. The newly found variant uses something called “Speculative Store Bypass,” which could allow your processor to load sensitive data to potentially insecure spaces.

In the US-CERT’s advisory, officials said the new flaw would allow attackers to read older memory values on your CPU.

The company said it hasn’t seen this vulnerability used by hackers, and that it’s releasing a complete fix for the flaws over the coming weeks. Intel’s executive vice president of security, Leslie Culbertson, said in a post that Intel has already made the update available for manufacturers and software vendors.

CNET has the full article

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...