You might’ve known Spectre due to the uproar it induced into the tech world last year. It was a major vulnerability that affected most processors out in the open.
And the worst part was that it couldn’t be fixed by sending a software push, instead, Spectre was suppressed by companies sending out mitigations to temporarily get over it until new and secure batches of hardware were delivered and installed.
However, a new version of the same vulnerability has been disclosed yesterday dubbed “Variant-4.” Actually, it’s not a version of Spectre but a similar demon. Also called as the Speculative Store Bypass, the vulnerability takes advantage of the speculative execution mechanism of a CPU– allowing hackers to gain information stored in the depths of your computer’s memory.
CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4
Systems with microprocessors utilizing speculative execution and speculative execution of the memory read before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Although, Intel has given it a moderate severity rating as most of the exploits it uses have been already mitigated by previous updates. The chipmaker will also be releasing another fix that’ll prevent this method to be used in other ways– Macrumors reported. It’s also providing an OEM in a beta form containing the mitigations to other companies. But, it’s up to them to add extra additions. Think of it as an Android OEM. Google distributes it under its license to other manufacturers and they, then add their own features and customizations to offer to the public as a final product.
Most processors have been a prey to the Spectre and Meltdown family of vulnerabilities. However, Intel has been a major puppet for criticism in light of its immense popularity in the chip-making business. Apple, at one point, was also affected by Spectre, but the folks at the company were quick to fix it.
In conclusion, Intel has promised to produce its chips in the future that are resistant to such vulnerabilities. And it’s kind of living up to its promise by the fact that its next-generation Xeon Scalable processors (Cascade Lake) that are rebellious to Spectre and Meltdown will be reserved into production sometime soon.