Intel Discloses New 'Variant 4' Spectre-Like Vulnerability

by

Intel, Google, and Microsoft today disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.

Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.

meltdownspectre

CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."

This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.

This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark(R) 2014 SE and SPEC integer rate on client1 and server2 test systems.

The Spectre and Meltdown family of vulnerabilities affect all modern processors from Intel, ARM, and AMD, but Intel has faced more scrutiny over the design flaw due to its high-profile position in the processor market. Apple's iOS and Mac devices are affected by these vulnerabilities, but Apple has historically been quick to patch them.

Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.

Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.

Tags: Intel, Meltdown-Spectre

Popular Stories

Apple Creator Studio

Apple Introduces New 'Creator Studio' Bundle of Apps for $129 Per Year

Tuesday January 13, 2026 6:11 am PST by
Apple today introduced a new Apple Creator Studio bundle that offers access to six creative apps, as well as exclusive AI features and content, as part of a single subscription. In the U.S., pricing is set at $12.99 per month or $129 per year. Here are the six apps included with an Apple Creator Studio subscription:Final Cut Pro on the Mac and iPad Logic Pro on the Mac and iPad Pixelmator...
Read Full Article377 comments
Low Cost MacBook Feature A18 Pro

Apple Is Expected to Launch These Four MacBooks in 2026

Friday January 9, 2026 8:17 am PST by
2026 could be a bumper year for Apple's Mac lineup, with the company expected to announce as many as four separate MacBook launches. Rumors suggest Apple will court both ends of the consumer spectrum, with more affordable options for students and feature-rich premium lines for users that seek the highest specifications from a laptop. Subscribe to the MacRumors YouTube channel for more videos. ...
Read Full Article118 comments
iOS 26

Here's What's New in iOS 26.3 So Far

Monday January 12, 2026 1:15 pm PST by
Apple today seeded the second beta of iOS 26.3, nearly a month after the first beta. So far, the update includes a couple of new features for iPhones. iOS 15.3 through iOS 18.3 were all released in late January over the years, so it is thereby likely that iOS 26.3 will be released towards the end of this month as well. The update is compatible with the iPhone 11 series and newer. Below,...
Read Full Article46 comments
iOS 18 Siri Personal Context

Apple Confirms Google Gemini Will Power Next-Generation Siri This Year

Monday January 12, 2026 7:38 am PST by
In a statement shared with CNBC today, Apple confirmed that Google Gemini will power the next-generation version of Siri that is slated to launch later this year. "After careful evaluation, we determined that Google's technology provides the most capable foundation for Apple Foundation Models and we're excited about the innovative new experiences it will unlock for our users," the statement...
Read Full Article269 comments
iPhone Top Left Hole Punch Face ID Feature Purple

10 Reasons to Wait for This Year's iPhone 18 Pro

Thursday January 8, 2026 2:56 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article75 comments
fcp pcp iwork creator studio

These Apple Apps Will No Longer Receive All New Features Without a Subscription

Tuesday January 13, 2026 10:50 am PST by
If you are not interested in subscribing to the new Apple Creator Studio bundle introduced today, you will officially start to miss out on some new features. Apple said some "exciting new intelligent features and premium content" in Final Cut Pro, Pixelmator Pro, Keynote, Numbers, Pages, and Freeform will only be accessible with a Creator Studio subscription. In the U.S., a subscription...
Read Full Article442 comments
airpods pro 3 design

Apple Releases New AirPods Pro 3 Firmware Update

Tuesday January 13, 2026 11:29 am PST by
Apple today released a firmware update for the AirPods Pro 3. The latest firmware has a version number of 8B34, up from the previous version 8B30. Apple has a support document for AirPods firmware updates, and it indicates that the 8B34 update contains unspecified "bug fixes and other improvements." No other AirPods models received firmware updates today. How to install AirPods Pro...
Read Full Article42 comments
iOS 18 Siri Personal Context

Elon Musk Reacts to Apple and Google Teaming on Gemini-Powered Siri

Monday January 12, 2026 11:38 am PST by
Elon Musk today expressed concern about Apple and Google partnering on a more personalized version of Siri powered by Google's generative AI platform Gemini. "This seems like an unreasonable concentration of power for Google, given that [they] also have Android and Chrome," wrote Musk, in a post on X. Musk serves as CEO of xAI, the company behind Gemini competitor Grok. It is unlikely...
Read Full Article232 comments
iOS 18 Siri Personal Context

Google Gemini-Powered Siri Will Reportedly Have These 7 New Features

Tuesday January 13, 2026 7:52 pm PST by
Apple and Google this week announced that Gemini will help power a more personalized Siri, and The Information has provided more details. As soon as this spring, the report said the revamped version of Siri will be able to… Answer more factual/world knowledge questions in a conversational manner Tell more stories Provide emotional support Assist with more tasks, such as booking travel ...
Read Full Article174 comments

Top Rated Comments

Diamond Dog Avatar
Diamond Dog
100 months ago
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.
Uh, 99% of the people who own affected products have no idea what Meltdown or Spectre are, or how a processor works to begin with. I think it's just fine to develop a way of explaining the exploits that meets the level of understanding that said users have.
Score: 22 Votes (Like | Disagree)
heov Avatar
heov
100 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
Score: 22 Votes (Like | Disagree)
341328 Avatar
341328
100 months ago
I want a free CPU upgrade.
Score: 16 Votes (Like | Disagree)
NoBoMac Avatar
NoBoMac
100 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
Score: 11 Votes (Like | Disagree)
Ulfric Avatar
Ulfric
100 months ago
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.

P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.

AMD has released a whitepaper on the V4 mitigation. If anyone interested to read them then please proceed.
https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
Score: 8 Votes (Like | Disagree)
btrach144 Avatar
btrach144
100 months ago
I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.

I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
Score: 8 Votes (Like | Disagree)
Read All Comments