If you're new to AirPods, considering buying a pair, or just want to pick up some new tips.
AirPods and AirPower: Everything We Know
Intel Discloses New 'Variant 4' Spectre-Like Vulnerability
Intel, Google, and Microsoft today disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.
Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.
This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.
Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.
Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.
Called Variant 4, or the Speculative Store Bypass, the vulnerability is similar to Spectre, taking advantage of the speculative execution mechanism of a CPU to allow hackers to gain access to sensitive information. Variant 4 was demonstrated by researchers in a language-based runtime environment.
CVE-2018-3639 - Speculative Store Bypass (SSB) - also known as Variant 4According to Intel, the new vulnerability has a "moderate" severity rating because many of the exploits that it uses have already been addressed through mitigations that were first introduced by software makers and OEMs in January for Meltdown and Spectre. Intel is, however, releasing a full mitigation option that will "prevent this method from being used in other ways."
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
This additional mitigation for Variant 4 has been delivered in beta form to OEM system manufacturers and system software vendors, and Intel is leaving it up to its partners to decide whether or not to implement the extra measures. Intel plans to leave the mitigation set to off by default because of the potential for performance issues.
This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark(R) 2014 SE and SPEC integer rate on client1 and server2 test systems.The Spectre and Meltdown family of vulnerabilities affect all modern processors from Intel, ARM, and AMD, but Intel has faced more scrutiny over the design flaw due to its high-profile position in the processor market. Apple's iOS and Mac devices are affected by these vulnerabilities, but Apple has historically been quick to patch them.
Prior to when Spectre and Meltdown were initially discovered, for example, Apple had already implemented some patches and has since addressed known Meltdown and Spectre vulnerabilities with little impact to performance on Macs or iOS devices. As mentioned above, many of the exploits in Variant 4 have been previously addressed by Apple and other manufacturers in already-existing software patches.
Spectre and Meltdown-related vulnerabilities are hardware-based and therefore must be mitigated rather than outright fixed, but future Intel chips will not be as vulnerable. Intel has said that its next-generation Xeon Scalable processors (Cascade Lake) and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.
Tags: Intel, Meltdown-Spectre
[ 83 comments ]
Top Rated Comments
(View all)
10 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
10 months ago
Always amusing how nerds make such a huge attention play with their naming of bugs, flaws, exploits etc and graphics that go along with them. DRAMA! DRAMA! Couldn't they just be grown ups? Don't talk down to people as if they're in kindergarten, along with your cutesey, overly-rounded, totally redundant logos of ghosts etc; people aren't (all) morons.
Uh, 99% of the people who own affected products have no idea what Meltdown or Spectre are, or how a processor works to begin with. I think it's just fine to develop a way of explaining the exploits that meets the level of understanding that said users have.
10 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
Since the post was not done using the Sarcasm Font...
AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.
https://www.amd.com/en/corporate/security-updates
10 months ago
I really wish Intel and 3rd party board manufactures would release the microcode for BIOS updates for older boards. My 4960X, which is a 4.5 year old $1,000 CPU is unprotected from these security threats because ASUS refuses to release a BIOS update.
I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
I shouldn't have to buy a new motherboard every 2 years just to continue receiving BIOS updates.
10 months ago
Since the post was not done using the Sarcasm Font...
AMD is promising a processor without this issue in 2019. Until then, they too have vulnerable processors.
https://www.amd.com/en/corporate/security-updates
You do realize AMD is also affected by these vulnerabilities, eh? Even Apples own A-chips.
To this date there has been 4 types of exploits discovered. Spectre V1, Spectre V2, Spectre NG(Which includes rogue system register read, Spectre-V3a, and speculative store bypass, Spectre-V4) & Meltdown. Apart from Spectre V1 none of the AMD CPUs are affected by these exploits, and that's also has been mitigated by the browser's side channel patch.
P.S: Retracting from my original comment. It seems AMD has been affected by V4 and it appears that the mitigations will be available through OS patch. There is no need for a microcode or BIOS update.
AMD has released a whitepaper on the V4 mitigation. If anyone interested to read them then please proceed.
https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
10 months ago
I always find it terribly amusing that the parties responsible for whatever catastrophe-of-the-month (technological vulnerabilities, environmental damage, societal malfeasance) are ostensibly the only ones who can repair the damage.
Then they get to swoop in and play the savior. :rolleyes:
And we're supposed to be thankful. o_O
Then they get to swoop in and play the savior. :rolleyes:
And we're supposed to be thankful. o_O
10 months ago
Hey, don’t sweat this new security flaw. Do what I’ve done and use a secure, hack proof, reliable and energy efficient “processor”.....
10 months ago
I'm fed up with Intel and hope Apple will start using AMD-chips that don't contain as much speculative execution black magic.
10 months ago
This won't be the last. We're going to see these impacts continue with current processors for some time.
[ Read All Comments ]
Google's "Keep" app for taking notes and making lists today expanded to the Apple Watch, allowing the app's users to use the note taking and list making functionality right on their...
Apple today seeded the third beta of an upcoming macOS Mojave 10.14.4 update to its public beta testing group, one day after seeding the third beta to developers and two weeks after releasing the...
Apple today seeded the third beta of an upcoming tvOS 12.2 update to developers for testing purposes, two weeks after seeding the second beta and a month after releasing the tvOS 12.1.2 update.
...
Apple today seeded the third beta of an upcoming watchOS 5.2 update to developers, two weeks after seeding the second watchOS 5.2 beta and a month after releasing watchOS 5.1.3.
Once the proper...
GM was one of the early adopters of CarPlay, with the feature debuting on a few 2016 Chevrolet models and rapidly spreading across the company's various brands including Buick, GMC, and...
Following an announcement last year and launch in Europe, Eve Systems today released the portable LED lamp Eve Flare in the United States and Canada. Similar to Hue Go, Eve Flare lets you pick up and...
SoundCloud today announced a new feature that allows creators to distribute their music directly to major streaming music services like Apple Music, Spotify, and Amazon Music (via Billboard). The...
Printer company Epson today announced the launch of voice-activated mobile printing support for Siri, Amazon Alexa, and Google Assistant. With the addition, iOS users can snap a photo and ask Siri to...
