This article was published on May 22, 2018

Microsoft, Intel, and Google disclose another Spectre-like CPU flaw

Story by

Abhimanyu Ghoshal

Managing Editor

Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and culture.

2018 started off on a sour note with the discovery of the Meltdown and Spectre chip-level security flaws, which could be exploited to access secure data on computers powered by the world’s most popular processors. Now, there’s another version doing the rounds.

Microsoft and Google have jointly disclosed what’s being called Speculative Store Bypass (variant 4), which, as the US Computer Emergency Readiness Team describes, “could allow an attacker to read older memory values in a CPU’s stack or other memory locations.”

Variant 4 uses speculative execution, an optimization technique in CPUs, to potentially expose certain kinds of data. The exploit can be run in web browsers through language runtimes such as JavaScript.

Intel attempted to quash worries by stating that it hasn’t seen this exploit being used in the wild, and that mitigations for this flaw, which could potentially be exploited through browsers, were already deployed back in January to tackle Meltdown and Spectre.

In addition, Intel notes that it has sent patches to OEMs so they can issue firmware updates for their products. But for those who choose to enable the Speculative Store Bypass protection (it’ll be set to off by default), there’s likely going to be a drop in performance of between 2 and 8 percent. So, yes, you’ll have to choose between tight security and performance for the time being.
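Making that trade-off starts with knowing what a given machine is currently doing. As an added example (not from the original article or from any vendor), this script classifies the Speculative Store Bypass status line that patched Linux kernels report in sysfs; the Linux target, the sysfs path and the status strings are assumptions the article does not mention, and the sample lines are constructed.

```python
"""Report a Linux host's Speculative Store Bypass (variant 4) mitigation state."""
from pathlib import Path

# Assumption: a Linux kernel that exposes this sysfs entry.
SSB_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")


def classify_ssb(status):
    """Map the kernel's status line to (state, detail).

    States: not_affected, vulnerable, mitigated_global, mitigated_opt_in, unknown.
    """
    text = status.strip()
    low = text.lower()
    if low.startswith("not affected"):
        return "not_affected", text
    if low.startswith("vulnerable"):
        return "vulnerable", text
    if low.startswith("mitigation:"):
        # "via prctl" (optionally "and seccomp") means only processes that
        # request the protection get it; the rest of the system runs without it.
        if "via prctl" in low:
            return "mitigated_opt_in", text
        return "mitigated_global", text
    return "unknown", text


def read_ssb_status(path=SSB_SYSFS):
    """Return the classified status, or ("unknown", reason) if unreadable."""
    try:
        return classify_ssb(Path(path).read_text())
    except OSError as exc:
        return "unknown", f"cannot read {path}: {exc.strerror}"


# Constructed sample status lines, so the classifier can be exercised offline.
SAMPLES = [
    "Not affected\n",
    "Vulnerable\n",
    "Mitigation: Speculative Store Bypass disabled\n",
    "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"sample {line.strip()!r} -> {classify_ssb(line)[0]}")
    state, detail = read_ssb_status()
    print(f"this host: {state} ({detail})")
```

A result of `mitigated_opt_in` or `vulnerable` on a host that runs untrusted code is the case worth reviewing against the performance cost quoted above.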

The bug was discovered back in November 2017 by Microsoft, after which it was disclosed to select industry partners. Hopefully, with Intel’s upcoming chip designs, we won’t have to worry about such security flaws in future devices.
