Eight more Spectre-style flaws found in Intel processors – four rated as high severity.
- Chip giant Intel faces further security patch headaches after researchers discovered and reported eight new Spectre-style hardware vulnerabilities in the company’s processors.
- First reported by German IT site C’T, which said it has been given full technical details on the vulnerabilties by researchers and verified them, the flaws have been confirmed by Intel which has reserved Common Vulnerabilities and Exposures (CVE) numbers for them.
- The new set of hardware flaws have been named Spectre New Generation, and Intel rates four of the eight vulnerabilities found as high severity, and the rest as medium.
- Patches are in the works from Intel.
- C’T reported that one of the new vulnerabilities is a much more serious threat than the original Spectre bug, as it could be used to bypass virtual machine isolation from cloud host systems to steal sensitive data such as passwords and digital keys.
The Spectre-NG exploit works regardless of Intel’s software guard extensions (SGX) being enabled. - At this stage, it is unclear if AMD processors and chips following the ARM architecture are also vulnerable to the Spectre-NG attacks.
- Google’s Project Zero team of security researchers are credited with finding one of the Spectre-NG vulnerabilties.
- They are likely to publish technical details next week when a strict 90-day non-disclosure period to give vendors time to address flaws runs out.
- Taking care of the Spectre and Meltdown flaws in processors has been difficult for Intel and its technology partners such as Microsoft, with users reporting system instability and slower performance after microcode patches have been applied.
- The vulnerabilities are due to hardware design flaws, and allow attackers to read data in memory. Thousands of older and newer processors are affected by the vulnerabilities.
- Intel has promised to re-architect its processors to prevent a repeat of the Spectre and Meltdown flaws.