After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 

Posted on

The discovery of the Spectre and Meltdown vulnerabilities earlier this year was major news throughout the tech industry. These processor vulnerabilities potentially exposed the data of hundreds of millions of popular devices including servers, tablets, and smartphones. 

Spectre and Meltdown left the door wide open for hackers to manipulate a CPU data processing efficiency technique to gain access to sensitive information. Companies like Apple and Microsoft have worked to develop patches and updates to fix these vulnerabilities, but some have resulted in slower CPU performance. 

Now, a new vulnerability has emerged that is similar to Spectre and Meltdown. Microsoft and Google’s Project Zero have just announced the discovery of a flaw called Speculative Store Bypass-Variant 4 

Speculative Store Bypass 

The vulnerability is called Variant 4 because Spectre and Meltdown make up Variants 1-3. Bad actors can potentially use Variant 4 to access data that is supposed to be locked on Intel, ARM, and AMD processors. This process, called ‘Speculative Store Bypass’, manipulates processors into loading private data into insecure files.  

US-CERT’s advisory mentioned that hackers could access older CPU memory values using Variant 4, and experts also believe it could expose certain web browsing components, such as Javascript ad modules. 

Is Variant 4 a Major Vulnerability? 

Microsoft has classified Variant 4 as a low-level risk, while Intel and Google have classified it as a medium risk. Intel also says there is no current evidence that this vulnerability has been used by hackers, yet. 

Many patches and updates for the Spectre and Meltdown vulnerabilities already include safeguards against Speculative Store Bypass, but Intel says it will be releasing a comprehensive fix for Variant 4 within the next few weeks. In fact, the update is already available for manufacturers and software vendors. 

Protecting Your Data Moving Forward 

Companies will be rolling out Variant 4 patches and fixes over the next few weeks and months, but another CPU flaw will undoubtedly emerge at some point. Researchers had been expecting additional vulnerabilities to appear ever since Spectre and Meltdown, and Variant 4 is likely only the first. 

JDL Group can set up the right IT and security systems to properly defend your CPUs and network against vulnerabilities like Variant 4. JDL Group can also make sure your processors are always updated with the latest patches and fixes. Contact us today. 

References: 

https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ 

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/ 

 

Leave a Reply

Your email address will not be published. Required fields are marked *