A few days ago we discussed it. Researchers had detected variants of the vulnerability that affects processors, mainly from Intel, known as Specter and Meltdown. The news today is the confirmation by Intel of the existence of this vulnerability, which they have named variant 4.
Not only has Intel disclosed the vulnerability, Google and Microsoft are also announcing it to their customers and the media. As we said, it is a variant of the Specter vulnerability, which would allow third parties to have access to confidential information. Intel experts have been working to correct the defect for days.
In the Intel statement, we can read:
CVE-2018-3639: Speculative Bypass (SSB) - Also known as Variant 4.
The Microprocessor-based systems that use speculative execution can allow unauthorized disclosure of information to an attacker with local user access through side-channel analysis.
It is difficult to be exposed to these types of attacks, which usually target people of high repute. Still, Intel rates this vulnerability as moderate, Since many exploits have been addressed in previous updates, both by Intel and the developers of the different operating systems in which Intel processors are found. Even so, We will see a chain of security updates in this regard in the coming weeks.
In fact, hardware manufacturers have a beta version of the patch so that they check its effectiveness. Intel leaves the door open to developers, in case you want to implement this patch, for the performance adjustments of each operating system or each type of computer.
This mitigation will be configured by default, giving clients the option to enable it or not. We expect most industry software partners to use the default disable option as well. In this configuration, we have not seen any performance impact. If enabled, we have seen a performance impact of approximately 2-8 percent based on overall benchmark index scores such as SYSmark (R) 2014 SE and the SPEC integer index rate on test systems client1 and server2.
As far as we know, Intel's new 8th generation processors will not suffer from these vulnerabilities. Hopefully Intel fixes all these bugs before releasing them.
