Updated on May 3: Intel provided Laptop Mag a statement claiming the latest risks have already been mitigated, and that devs who have already followed Intel’s instructions don’t need to take any further measures. We have updated this article with Intel’s comments.
The Spectre exploit is once again haunting chipmakers as security researchers have discovered multiple new variants affecting both Intel and AMD processors. Unfortunately, none of the patches released for previous Spectre versions mitigate against these newcomers.
To get you caught up, Spectre (alongside Meltdown) was a devastating flaw discovered in 2018 that affected chips produced by Intel and AMD. In the wrong hands, someone could steal your password and personal information from apps running on devices with Intel and AMD chips.
The exploits forced companies to quickly release patches and made Intel redesign its chips after it was discovered that the flaw, which affected everything from PCs to servers to smartphones, had been hiding in chip designs for more than 20 years.
Now Spectre has returned. Researchers from the University of Virginia and the University of California San Diego determined that the new variants leak data via micro-op caches, which are used to speed up processing by storing simple commands so CPUs can grab them quickly.
Every AMD (since 2017) and Intel (since 2011) chip uses micro-op caches so they are all theoretically vulnerable to this attack. The security researchers who discovered these variants listed three possible ways a CPU could be infiltrated.
A same thread cross-domain attack that leaks secrets across the user- kernel boundary;A cross-SMT thread attack that transmits secrets across two SMT threads running on the same physical core, but different logical cores, via the micro-op cache;Transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution.Spectre exploit: Are you at risk?
If there is a silver lining, it’s that these theoretical attacks are difficult to execute. So difficult that Intel and AMD may forgo patching the vulnerabilities altogether. As Tom’s Hardware notes, the malware would need to bypass all of the other software and hardware defenses found on your device before it could execute a tricky, unconventional attack.
The bottom line? The risk of you falling victim to this exploit is very low. That said, low risk is not no risk and both Intel and AMD have been notified of these holes in their armor.
For Intel’s part, the chipmaker provided Laptop Mag a statement claiming the vulnerabilities outlined in the research paper have already been mitigated.
“Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed.”
Today’s best Avast Ultimate deals