Menu
Fresh Spectre and Meltdown-related chip flaws found

Fresh Spectre and Meltdown-related chip flaws found

Comes after researchers warned that they were likely to find new variants of Spectre in the future

Cyber security researchers have found a new security flaw that affects a broad swath of modern computing chips and is related to the Spectre and Meltdown chip flaws that emerged in January.

The newest chip problem, known as Speculative Store Bypass or "Variant 4" because it's in the same family as the original group of flaws, was disclosed by security researchers at Microsoft and Google on Monday. Though the flaw affects many chips from Intel, Advanced Micro Devices and Softbank Group's ARM Holdings, researchers described the risks as low, partly because of web browser patches already issued earlier this year to address Spectre.

The Meltdown and Spectre flaws, which emerged in January, can allow passwords and other sensitive data on chips to be read. The flaws result from the way computers try to guess what users are likely to do next, a process called speculative execution.

When the flaws emerged in January, researchers warned that they were likely to find new variants of Spectre in the future. Earlier this month, German computer science magazine c't reported that a "next generation" of flaws had been found in Intel's chips and was likely to be disclosed this month. Intel declined to comment on whether Monday's announcement was related to the German magazine's story.

In its research findings, Microsoft said that patches issued for common web browsers earlier this year greatly increased the difficulty of carrying out an attack with the newly discovered flaw.

Chips from Intel, AMD and ARM all have patches available, either directly from the makers or through software suppliers such as Microsoft. Intel said it expects a performance slowdown of between two per cent and eight per cent from the patches, and ARM said it expects a slowdown of between one per cent and two per cent.

However, Intel said that because of the low risk of a real-world attack, it would ship its patches turned off by default, giving users the choice whether to turn them on. AMD also advised leaving the patches turned off due to the difficulty of carrying out an attack.

The security problems do not appear to have impacted chipmakers' stock prices. Intel shares are up nearly 16 percent to since the start of the year to US$54.32, and AMD shares are up 18.3 per cent to US$12.99 since the start of the year.

(Reporting by Stephen Nellis; Editing by Cynthia Osterman)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftGoogleintelchipvulnerabilityflawmeltdownspectre

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments