Google’s Project Zero and Microsoft today disclosed the latest variant of the Spectre and Meltdown security flaws that were originally revealed in January. Intel is referring to this one as “Variant 4,” and it uses some of the same security vulnerabilities as the initial discovery…
Ecobee HomeKit Thermostat
As reported by CNET, Intel is classifying the new variant as a “medium risk” vulnerability because “many” of the exploits that it would take advantage of were fixed by browsers during the initial set of patches.
Variant 4, like its predecessor, takes advantage fo the speculative features of a CPU and thus allows hackers to access sensitive information. The company writes in a blog post:
Nevertheless, Intel says it has delivered microcode updates to manufacturers and expects a rollout to commence over the coming weeks.
We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.
As far as performance goes, Intel says it doesn’t expect the patch to affect performance, and suspects that most OEMs will leave the mitigation turned off in an effort to ensure performance remains the same. Though, the company does note that it has observed a “performance impact of approximately 2 to 8 percent” when enabled.
More information about Intel’s latest Spectre & Meltdown bug can be read on Intel’s website.