Intel Discloses New 'Variant 4' Spectre-Like Vulnerability

by

Intel, Google, and Microsoft today disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.

Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.

meltdownspectre

CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."

This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.

This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark(R) 2014 SE and SPEC integer rate on client1 and server2 test systems.

The Spectre and Meltdown family of vulnerabilities affect all modern processors from Intel, ARM, and AMD, but Intel has faced more scrutiny over the design flaw due to its high-profile position in the processor market. Apple's iOS and Mac devices are affected by these vulnerabilities, but Apple has historically been quick to patch them.

Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.

Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.

Tags: Intel, Meltdown-Spectre

Popular Stories

AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2, AirPods Pro 3, and AirPods 4

Thursday November 13, 2025 11:35 am PST by
Apple today released new firmware designed for the AirPods Pro 3, the AirPods 4, and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B25, while the AirPods Pro 2 and AirPods 4 firmware is 8B21, all up from the prior 8A358 firmware released in October. There's no word on what's include in the updated firmware, but the AirPods Pro 2, AirPods 4 with ANC, and AirPods Pro 3...
Read Full Article65 comments
CarPlay Pinned Messages

iOS 26.2 Adds New CarPlay Setting

Thursday November 13, 2025 6:48 am PST by
iOS 26 extended pinned conversations in the Messages app to CarPlay, for quick access to your most frequent chats. However, some drivers may prefer the classic view with a list of individual conversations only, and Apple now lets users choose. Apple released the second beta of iOS 26.2 this week, and it introduces a new CarPlay setting for turning off pinned conversations in the Messages...
Read Full Article24 comments
Tesla Charging

Tesla Working to Add Apple CarPlay Support to Vehicles

Thursday November 13, 2025 8:31 am PST by
Tesla is working to add support for Apple CarPlay in its vehicles, Bloomberg's Mark Gurman reports. Tesla vehicles rely on its own infotainment software system, which integrates vehicle functions, navigation, music, web browsing, and more. The automaker has been an outlier in foregoing support for Apple CarPlay, which has otherwise become an industry standard feature, allowing users to...
Read Full Article293 comments
tvOS 26 Profiles

tvOS 26.2 Adds a Useful New Feature to Your Apple TV

Friday November 14, 2025 10:02 am PST by
Starting with the upcoming tvOS 26.2 update, currently in beta, additional profiles created on the Apple TV no longer require their own Apple Account. In the Settings app on the Apple TV, under Profiles and Accounts, anyone can create a new profile by simply entering a name and indicating whether the profile is for a kid. The profile will be associated with the primary user's Apple Account,...
Read Full Article
iPhone Pocket Short

iPhone Pocket Now Available to Order, But Already Selling Out

Friday November 14, 2025 6:20 am PST by
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone. iPhone Pocket is available to order on Apple's online store starting today, in the United States, France, China, Italy, Japan, Singapore, South Korea, and the United Kingdom. However, it is already completely sold out in the United...
Read Full Article179 comments
homepod mini thumb feature

New HomePod Mini, Apple TV, and AirTag Were Expected This Year — Where Are They?

Wednesday November 12, 2025 11:42 am PST by
While it was rumored that Apple planned to release new versions of the HomePod mini, Apple TV, and AirTag this year, it is no longer clear if that will still happen. Back in January, Bloomberg's Mark Gurman said Apple planned to release new HomePod mini and Apple TV models "toward the end of the year," while he at one point expected a new AirTag to launch "around the middle of 2025." Yet,...
Read Full Article118 comments
iOS 26

iOS 26.2 Available Next Month With These 8 New Features

Tuesday November 11, 2025 9:48 am PST by
Apple released the first iOS 26.2 beta last week. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date....
Read Full Article68 comments
m1 chip slide

Five Years of Apple Silicon: M1 to M5 Performance Comparison

Monday November 10, 2025 1:08 pm PST by
Today marks the fifth anniversary of the Apple silicon chip that replaced Intel chips in Apple's Mac lineup. The first Apple silicon chip, the M1, was unveiled on November 10, 2020. The M1 debuted in the MacBook Air, Mac mini, and 13-inch MacBook Pro. The M1 chip was impressive when it launched, featuring the "world's fastest CPU core" and industry-leading performance per watt, and it's only ...
Read Full Article177 comments
iOS 26

Everything New in iOS 26.2 Beta 2

Wednesday November 12, 2025 3:29 pm PST by
Apple today provided developers with the second beta of iOS 26.2, which adds a few new features worth knowing about. Measure App Apple's Measure app now features a Liquid Glass design for the level, with two Liquid Glass bubbles instead of white circles. Games App There's now an option to sort games in the Games app Library by size, in addition to Name and Recent. CarPlay The...
Read Full Article64 comments
walmart new ornametns

Walmart Black Friday Deals Begin Today With Low Prices on Headphones, TVs, and More

Friday November 14, 2025 7:55 am PST by
Walmart's Black Friday sale has officially kicked off today, with an online shopping event that's also seeing some matching deals in retail locations. There are quite a few major discounts in this sale, including savings on headphones, TVs, and more. Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us...
Read Full Article13 comments

Top Rated Comments

Diamond Dog Avatar
Diamond Dog
98 months ago
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.
Uh, 99% of the people who own affected products have no idea what Meltdown or Spectre are, or how a processor works to begin with. I think it's just fine to develop a way of explaining the exploits that meets the level of understanding that said users have.
Score: 22 Votes (Like | Disagree)
heov Avatar
heov
98 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
Score: 22 Votes (Like | Disagree)
341328 Avatar
341328
98 months ago
I want a free CPU upgrade.
Score: 16 Votes (Like | Disagree)
NoBoMac Avatar
NoBoMac
98 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
Score: 11 Votes (Like | Disagree)
Ulfric Avatar
Ulfric
98 months ago
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.

P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.

AMD has released a whitepaper on the V4 mitigation. If anyone interested to read them then please proceed.
https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
Score: 8 Votes (Like | Disagree)
btrach144 Avatar
btrach144
98 months ago
I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.

I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
Score: 8 Votes (Like | Disagree)
Read All Comments