Intel is finally confirming that its computer processors are vulnerable to an additional variant of Spectre, the nasty security vulnerability that affects nearly every CPU currently in devices and in the marketplace.
German computing magazine C’t first reported the additional flaws, which can be exploited in a browser setting using a runtime (think Javascript), on May 3. When we reached out to CPU makers, including Intel and AMD, at that time they declined to comment. Instead they made lose allusions to an embargo—which is when companies (as well as security researchers and often journalists) withhold information until an agreed upon time.
But that didn’t stop Germany from taking the newly reported threats seriously. Last week, the country’s Federal Office for Information Security (BSI) asked that the makers of the affected CPUs fix the flaws as soon as possible and issued a warning to consumers in defiance of the embargo.
Gizmodo was not privy to this embargo or the details within it. However, now Intel is confirming C’t’s report. In a blog post Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, confirmed that additional vulnerabilities did exist.
The vulnerabilities appear to be of the Spectre variety, which takes advantage of speculative computing—a computing practice used by almost all modern microprocessors. Called Variant 4, this new exploit can be used in a browser. Thankfully all major browser makers, including Chrome and Firefox should be patched for the vulnerability. So make sure you’re browser is up to date and stays up to date.
A patch for the vulnerability is expected to be released by most major computer makers in the coming weeks and a beta of the patch has already been released to those manufacturers.
Source: Processor Makers Confirm New Security Flaws, So Update Your Shit Now
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft