Researchers from Google and Microsoft have found a new security flaw that affects a wide range of modern processors from several manufacturers. They have called it “Speculative Store Bypass” or “Variant 4” since they consider it the fourth variant of the Specter vulnerability that gave so much to talk about next to Meltdown at the beginning of this 2018.
The new vulnerability also allows a glimpse into the core memory of a processor through speculative execution and affects Intel, AMD and ARM processors, as well as some IBM processors. We must remember that ARM cores are used in smartphones, tablets and other types of devices, so it has an important potential to reach.
The name “Variant 4”, as we have said, has to do with its familiarity with Meltdown and Specter. Variants 1 and 2 are known as Specter (CVE-2017-5753, CVE-2017-5715), while variant 3 is known as Meltdown (CVE-2017-5754). The one of today is the variant 4 (CVE-2018-3639), that receives the name of “Speculative Store Bypass”.
This fourth variant is not considered high risk since it is difficult to implement. But if you manage to exploit it, you could read data protected by system privileges or speculatively execute system commands that have been used previously. Another minor vulnerability called “Rogue System Register Read (RSRE)” or “Variant 3a” CVE-2018-3640 has also been discovered, capable of using speculative execution to read the system records.
The difference with respect to all the chaos that was mounted a few months ago with the first variants is that this time it has acted with speed, and that along with the news of the discovery of the vulnerabilities has also been announced that the patches to solve them already are on the way and about to arrive
The price to pay will be less CPU power
The bad news of all this is that due to its great similarity with Specter, patches to mitigate these new vulnerabilities could also affect processor performance and slow down computers. From Intel have already warned that the security update could reduce the performance of their processors between 2 and 8%.
However, there is also another good news thanks to this similarity with previous problems. And is that Intel itself has also ensured that internet browsers will not be affected by the new vulnerability because the update against Meltdown earlier this year has already protected against it.
For more stuff visit our site techverses.com and discover what you want.