Intel Discloses New 'Variant 4' Spectre-Like Vulnerability

by

Intel, Google, and Microsoft today disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.

Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.

meltdownspectre

CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."

This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.

This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark(R) 2014 SE and SPEC integer rate on client1 and server2 test systems.

The Spectre and Meltdown family of vulnerabilities affect all modern processors from Intel, ARM, and AMD, but Intel has faced more scrutiny over the design flaw due to its high-profile position in the processor market. Apple's iOS and Mac devices are affected by these vulnerabilities, but Apple has historically been quick to patch them.

Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.

Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.

Tags: Intel, Meltdown-Spectre

Popular Stories

maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article163 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article89 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
iOS 26

iOS 26.3 Brings AirPods-Like Pairing to Third-Party Devices in EU Under DMA

Monday December 22, 2025 3:20 pm PST by
The European Commission today praised the interoperability changes that Apple is introducing in iOS 26.3, once again crediting the Digital Markets Act (DMA) with bringing "new opportunities" to European users and developers. The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple's own products get. In iOS...
Read Full Article91 comments
top stories 2025 12 20

Top Stories: iOS 26.3 Beta, Major Apple Leaks, and More

Saturday December 20, 2025 6:00 am PST by
You'd think things would be slowing down heading into the holidays, but this week saw a whirlwind of Apple leaks and rumors while Apple started its next cycle of betas following last week's release of iOS 26.2 and related updates. This week also saw the release of a new Apple Music integration with ChatGPT, so read on below for all the details on this week's biggest stories! Top Stories i...
Read Full Article19 comments
Apple Wallet ID Illinois

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Wednesday December 24, 2025 8:40 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article17 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Features Leaked in New Report, Including Under-Screen Face ID

Tuesday December 16, 2025 8:44 am PST by
Next year's iPhone 18 Pro and iPhone 18 Pro Max will be equipped with under-screen Face ID, and the front camera will be moved to the top-left corner of the screen, according to a new report from The Information's Wayne Ma and Qianer Liu. As a result of these changes, the report said the iPhone 18 Pro models will not have a pill-shaped Dynamic Island cutout at the top of the screen....
Read Full Article63 comments
iPhone Fold Vertical Feature

Why Apple's Foldable iPhone May Be Smaller Than Expected

Tuesday December 23, 2025 5:21 am PST by
Apple's first foldable iPhone, rumored for release next year, may turn out to be smaller than most people imagine, if a recent report is anything to go by. According to The Information, the outer display on the book-style device will measure just 5.3 inches – that's smaller than the 5.4-inch screen on the ‌iPhone‌ mini, a line Apple discontinued in 2022 due to poor sales. The report has led ...
Read Full Article189 comments
iPhone Chips

Apple Clings to Samsung as RAM Prices Soar

Monday December 22, 2025 6:17 am PST by
Apple is significantly increasing its reliance on Samsung for iPhone memory as component prices surge, according to The Korea Economic Daily. Apple is said to be expanding the share of iPhone memory it sources from Samsung due to rapidly rising memory prices. The shift is expected to result in Samsung supplying roughly 60% to 70% of the low-power DRAM used in the iPhone 17, compared with a...
Read Full Article70 comments

Top Rated Comments

Diamond Dog Avatar
Diamond Dog
99 months ago
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.
Uh, 99% of the people who own affected products have no idea what Meltdown or Spectre are, or how a processor works to begin with. I think it's just fine to develop a way of explaining the exploits that meets the level of understanding that said users have.
Score: 22 Votes (Like | Disagree)
heov Avatar
heov
99 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
Score: 22 Votes (Like | Disagree)
341328 Avatar
341328
99 months ago
I want a free CPU upgrade.
Score: 16 Votes (Like | Disagree)
NoBoMac Avatar
NoBoMac
99 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
Score: 11 Votes (Like | Disagree)
Ulfric Avatar
Ulfric
99 months ago
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.

P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.

AMD has released a whitepaper on the V4 mitigation. If anyone interested to read them then please proceed.
https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
Score: 8 Votes (Like | Disagree)
btrach144 Avatar
btrach144
99 months ago
I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.

I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
Score: 8 Votes (Like | Disagree)
Read All Comments