The Spectre and Meltdown flaws revealed some cripping vulnerabilities in all sorts of chipsets, including Intel, AMD and ARM CPUs. While the entire tech industry worked (albeit late) to patch the flaws as much as they could, the fear of future attacks always remained. The Meltdown vulnerability was the easier of the two to fix, but the Spectre vulnerability remained open as it was an architectural flaw that allowed hackers to access the kernal layer and extract data. There were two variants of Spectre — Variant 1 and Variant 2 which explained how the flaw could be used to exploit the speculative execution ability of CPUs. However, there seems to be more ways to exploit the flaw, and an entirely new set of exploits are reportedly on the way.
For those uninitiated, we had broken down the Meltdown and Spectre flaws in a detailed post. Give it a read here.
Heise.de, a german technology publication claims to have seen evidence of eight new Spectre-related attacks that will soon be released to the public. The details have already been communicated to the manufacturers. The portal is calling the new set of exploits as Spectre-NG (NG stands for Next Generation), and here’s how they summaries their findings —
“So far we only have concrete information on Intel’s processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further, research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.”
The report states that Intel is working hard on patching the flaws with two rounds of updates that are scheduled for May and August. Similar to what was done for Meltdown and Spectre, Microsoft will also provide an additional patch for Windows. In fact, a disclosure from Intel seems to be on the way as a new update from the semiconductor company states —
“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalise mitigations. As a best practice, we continue to encourage everyone to kepp their systems up to date.”
It does seems like something big might be disclosed by the company soon. It sounds like the disclosure the company made before announcing the previous flaws. But nothing is confirmed so far, and we would ask readers to exercise caution and take time to understand the findings and reports.
The Spectre and Meltdown flaws weren’t handled that well. CTS-Labs, a company thought of taking advantage of the entire debacle by attempting to hijack AMD’s stock prices to make money, which did divert attention from the main issue at hand. The mess made by the Spectre bug is still being cleaned and so far, major players like Intel, AMD and ARM has been the most affected by the discovery, and especially the way it was handled and disseminated.