Intel Discloses New 'Variant 4' Spectre-Like Vulnerability

Discussion in ' News Discussion' started by MacRumors, May 21, 2018.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Intel, Google, and Microsoft today disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.

    Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.

    According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."

    This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.
    The Spectre and Meltdown family of vulnerabilities affect all modern processors from Intel, ARM, and AMD, but Intel has faced more scrutiny over the design flaw due to its high-profile position in the processor market. Apple's iOS and Mac devices are affected by these vulnerabilities, but Apple has historically been quick to patch them.

    Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.

    Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.

    Article Link: Intel Discloses New 'Variant 4' Spectre-Like Vulnerability
  2. OldSchoolMacGuy Suspended


    Jul 10, 2008
    This won't be the last. We're going to see these impacts continue with current processors for some time.
  3. eldivino macrumors member

    Jan 5, 2009
    I agree. This indicates that there are more potential vulnerabilities to be uncovered.
  4. Frign macrumors regular

    Aug 19, 2011
    I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
  5. oyabroch! Suspended

    Jan 8, 2018
    Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.
  6. rturner2 macrumors 6502a

    Jul 18, 2009
  7. Diamond Dog macrumors member

    Diamond Dog

    Apr 6, 2018
    Uh, 99% of the people who own affected products have no idea what Meltdown or Spectre are, or how a processor works to begin with. I think it's just fine to develop a way of explaining the exploits that meets the level of understanding that said users have.
  8. NoBoMac macrumors 68000

    Jul 1, 2014
    Since the post was not done using the Sarcasm Font...

    AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.
  9. SPUY767 macrumors 68020


    Jun 22, 2003
    It’s really time for Apple to switch to AMD. It’s not like anyone buys a Mac to play AAA games at max settings anyway, which is about the only place left where Intel still has a slim advantage. Not to mention, the MacBooks might get a decent integrated GPU.
  10. heov macrumors regular

    Aug 16, 2002
    You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
  11. Jimmy Bubbles macrumors 6502

    Jimmy Bubbles

    Jul 10, 2008
    Nashville, TN
    Do we really think that this was unknown until now? Or are these being dropped out, one by one, now that we know what we do about the intelligence agencies and their dragnet programs?
  12. cube macrumors Pentium

    May 10, 2004
    I think Intel should at least release mitigations for all Core microarchitecture CPUs.

    And motherboard manufacturers and OEMs should provide the corresponding BIOS updates.
  13. itguy06 macrumors 6502a

    Mar 8, 2006
    AMD chips are higher performing, use less power, and somewhat more secure. Time for Apple to ditch Intel's junk.
  14. trusso Suspended

    Oct 4, 2003
    I always find it terribly amusing that the parties responsible for whatever catastrophe-of-the-month (technological vulnerabilities, environmental damage, societal malfeasance) are ostensibly the only ones who can repair the damage.


    Then they get to swoop in and play the savior. :rolleyes:

    And we're supposed to be thankful. o_O
  15. cube macrumors Pentium

    May 10, 2004
    AMD is providing patches back to Bulldozer. Similarly to Intel, I think they should go back to at least K10.
  16. Wags macrumors 6502a

    Mar 5, 2006
    Nebraska, USA
    So this is our quarterly disclosure announcement. I would bet we’re not getting full disclosure to extent. We will continue to get pieces as to not blow themselves up.
  17. btrach144 macrumors 65816


    Aug 28, 2015
    I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.

    I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
  18. cube macrumors Pentium

    May 10, 2004
    Maybe Intel should pay board makers to produce these updates.
  19. OldSchoolMacGuy Suspended


    Jul 10, 2008
    They've already uncovered 2 other potential ones since the original round. It's an issue in most chip tech and not something they're going to be able to fix quickly. It'll be some years most likely.

    Even if Apple announces new Macs at WWDC, they will still hold these vulnerabilities, no matter how new the chips in them are. The upside is that most of these impact mostly those running virtual machines, which isn't most day to day users. They're far larger issues for virtual hosting companies and large companies in most cases. The average consumer has little to worry about.
  20. iapplelove macrumors 601


    Nov 22, 2011
    East Coast USA
    Makes me wonder if we even had it to begin with. Or just the illusion we had privacy.
  21. elvisimprsntr macrumors 6502

    Jul 17, 2013
    When Spectre and Meltdown hit the proverbial CPU fan, I told myself don’t buy any new products for at least 5 years.

    Thanks Intel, ARM, AMD for lowering my home infrastructure CapX for the next 5 years. I might just buy a new car or go on a vacation.
  22. crescentmoon macrumors member


    Feb 22, 2016
    Only if you own Apple stock....LOL
  23. Edsel macrumors 6502

    Mar 18, 2010
    Over There
    Hey, don’t sweat this new security flaw. Do what I’ve done and use a secure, hack proof, reliable and energy efficient “processor”.....
  24. cube macrumors Pentium

    May 10, 2004
    There is Spectre in SPARCv9.

    Some MIPS have Spectre.

    RISC-V has nothing so far.

Share This Page