There’s a new chapter in the ongoing technology crisis collectively referred to as Spectre and Meltdown, after Intel, Google, and Microsoft discovered a new flaw the companies have dubbed Variant 4. For those who may not recall, Spectre and Meltdown effectively impacted all three of the biggest OEMs on the market – AMD, Intel, and ARM. It had actually gone unnoticed for decades before eventually being discovered and patched. Although the companies have yet to divulge more complete details, this latest variation was announced on May 21 and utilizes a similar but slightly different method to earlier vulnerabilities. However, it still enables the same security problem, pulling sensitive data from any one of the chips found in millions of connected devices. Variant 4 is also not quite so serious, according to reports. In fact, it’s classified as a medium risk since many of its exploits were already patched along with the rest of those addressed by earlier fixes. As to how it works, the companies say it operates by loading sensitive data to the processor via Speculative Store Bypass.
Happily enough, the companies also don’t expect any fixes that result from the discovery to impact performance and, as far as anyone has been able to tell, no hackers have taken advantage of the exploit yet. With that said, it could still take weeks for a more complete fix to roll out to affected devices. Intel speculates that fixes could be pushed out over the next few weeks but it will be entirely dependent on how quickly individual manufacturers and distributors such as Microsoft can get the fixes put together. Moreover, some components which may be affected won’t necessarily roll out updates via the usual methods. Software vendors and manufacturers have, according to Intel, already been provided access to fixes. So device users across the board will want to keep a close eye out for updates and install them manually as needed. That includes third-party software such as browsers.
Despite the fact that this is a medium risk vulnerability, it’s worth putting some emphasis on how serious these exploits tend to be. The system level data which can be stolen via this and similar methods include passwords, user identification information, and more. That means that there’s not much to limit the damage that can be caused by malicious entities to a business, individual, or enterprise if hackers manage to take advantage of exploits based on them. Worse, they impact nearly every common consumer-ready technology-based device at the hardware level, making them exceptionally difficult to address with software.