By Paul Alcorn @ Tom’s Hardware
The online German computer magazine Heise.de is reporting that eight new Spectre-class vulnerabilities have been discovered. The vulnerabilities purportedly affect Intel and ARM processors, but the impact on AMD processors remain unknown. We reached out to Intel for comment, and the company provided this statement, which neither confirms nor denies the vulnerabilities:
Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.
Much like the first round of Spectre vulnerabilities, these newly discovered vulnerabilities rely upon a side-channel attack on a processors’ speculative execution engine. As per normal and responsible reporting policies, the teams of researchers that discovered the attacks are not releasing details until processor vendors are given a reasonable amount of time to develop patches, which should help ward off exploits, at least for now.