Intel has a new report out describing what the chip maker is calling a Spectre-like vulnerability dubbed Variant 4. Like the Spectre and Meltdown vulnerabilities from earlier this year, Variant 4 exploits the CPU’s speculative execution mechanism so hackers can potentially get at sensitive information on your computer.
The Intel security report states,
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
The good news is many of the exploits Variant 4 takes advantage of were patched earlier this year. Intel also has a patch available for device manufacturers, although that’s still a beta.
Apple responded quickly to Spectre and Meltdown with patches for the Mac, iPhone, iPad, iPod touch, and Apple TV. Based on Apple’s track record, odds are we’ll see a patch for Variant 4 soon.
Since the flaws are hardware-based, future processors cna be engineered to avoid the vulnerability. For all of the computers, smart phones, and tablets already in the wild, the fix comes as an operating system patch. We’ll be watching to see how quickly Apple and other device makers respond to Variant 4.