Intel Discloses New 'Variant 4' Spectre-Like Vulnerability

by

Intel, Google, and Microsoft today disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.

Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.

meltdownspectre

CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."

This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.

This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark(R) 2014 SE and SPEC integer rate on client1 and server2 test systems.

The Spectre and Meltdown family of vulnerabilities affect all modern processors from Intel, ARM, and AMD, but Intel has faced more scrutiny over the design flaw due to its high-profile position in the processor market. Apple's iOS and Mac devices are affected by these vulnerabilities, but Apple has historically been quick to patch them.

Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.

Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.

Tags: Intel, Meltdown-Spectre

Popular Stories

iPhone 17 Pro Colors

Apple Announces iPhone 17 Pro and Pro Max With New Design, Larger Battery, and More

Tuesday September 9, 2025 10:59 am PDT by
Apple today introduced the iPhone 17 Pro and iPhone 17 Pro Max. Both devices feature a new aluminum unibody design, with the Ceramic Shield now protecting both the front and back sides. Apple says the front side is now Ceramic Shield 2, which offers 3x better scratch resistance, while the rear Ceramic Shield is advertised as 4x more resistant to cracks compared to the back glass on previous...
Read Full Article464 comments
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro Models Are eSIM-Only in These Countries

Tuesday September 9, 2025 12:23 pm PDT by
Apple continues to phase out the physical SIM card tray on iPhones, with the latest models relying solely on eSIM technology in more countries. The new iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max support eSIMs only in these countries and regions, according to Apple: Bahrain Canada Guam Japan Kuwait Mexico Oman Qatar Saudi Arabia United Arab Emirates Un...
Read Full Article78 comments
airpods translate

AirPods Live Translation Blocked for EU Users With EU Apple Accounts

Thursday September 11, 2025 4:01 am PDT by
Apple's new Live Translation feature for AirPods will be off-limits to millions of European users when it arrives next week, with strict EU regulations likely holding back its rollout. Apple says on its feature availability webpage that "Apple Intelligence: Live Translation with AirPods" won't be available if both the user is physically in the EU and their Apple Account region is in the EU....
Read Full Article215 comments
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro: Release Date and Pre-Orders

Wednesday September 10, 2025 12:30 am PDT by
Apple held its annual iPhone event on Tuesday, September 9, to unveil the iPhone 17, ultra-thin iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max. All of the new iPhone models will be available to pre-order starting Friday, September 12 at 5 a.m. Pacific Time / 8 a.m. Eastern Time in the U.S. and dozens of other countries, according to Apple. The release date for the devices is one week...
Read Full Article
iPhone 17 Pro Cosmic Orange

Skipping the iPhone 17 Pro? Here's What's Rumored for iPhone 18 Pro

Wednesday September 10, 2025 8:33 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are still a year away, there are already a few rumors about the devices that offer an early look ahead. If you are skipping the iPhone 17 Pro and want to know about what to expect from the iPhone 18 Pro models, we have recapped a few of the key rumors below. Under-Screen Face ID In April 2023, display industry analyst Ross Young shared a...
Read Full Article120 comments
better iphone 17 lineup

Apple Lists iPhone 17, iPhone Air, and iPhone 17 Pro Battery Capacities

Tuesday September 9, 2025 1:25 pm PDT by
Apple has confirmed the battery capacities for the iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max models that were announced earlier today. Apple is required to publish energy labels on its iPhone product pages in the EU, and they reveal the official mAh battery capacities for the devices. Here are the battery capacities for each model, according to Apple: iPhone 17:...
Read Full Article56 comments
iPhone 17 Pro Colors

Didn't Pre-Order a New iPhone Yet? Here's How Long the Wait is Now

Friday September 12, 2025 6:11 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began at 5 a.m. Pacific Time in the U.S. and many other countries today. If you have yet to place a pre-order, you might face a longer wait now, depending on your desired configuration. As of shortly after 6 a.m. Pacific Time today, nearly all iPhone 17 Pro Max configurations on Apple's online store in the U.S. are facing ...
Read Full Article277 comments

Top Rated Comments

Diamond Dog Avatar
Diamond Dog
96 months ago
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.
Uh, 99% of the people who own affected products have no idea what Meltdown or Spectre are, or how a processor works to begin with. I think it's just fine to develop a way of explaining the exploits that meets the level of understanding that said users have.
Score: 22 Votes (Like | Disagree)
heov Avatar
heov
96 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
Score: 22 Votes (Like | Disagree)
341328 Avatar
341328
96 months ago
I want a free CPU upgrade.
Score: 16 Votes (Like | Disagree)
NoBoMac Avatar
NoBoMac
96 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
Score: 11 Votes (Like | Disagree)
Ulfric Avatar
Ulfric
96 months ago
Since the post was not done using the Sarcasm Font...

AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.

https://www.amd.com/en/corporate/security-updates
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.

P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.

AMD has released a whitepaper on the V4 mitigation. If anyone interested to read them then please proceed.
https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
Score: 8 Votes (Like | Disagree)
btrach144 Avatar
btrach144
96 months ago
I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.

I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
Score: 8 Votes (Like | Disagree)
Read All Comments