Intel and Microsoft on Monday reported a new variant of the Spectre and Meltdown security bugs.
Google's Project Zero researchers initially reported the bug to Intel, AMD, and Arm in February.
Named "Variant 4" by Intel, the strain exploits many of the same vulnerabilities disclosed in January, while extracting data via a different technique. Variant 4 employs "Speculative Store Bypass," which could enable a victim's processor to load sensitive data to potentially unsecured spaces.
Officials with the U.S. Computer Emergency Readiness Team say Variant 4 would let attackers read older memory values on a victim's central-processing unit.
Intel plans to issue a complete patch for Variant 4 in the coming weeks, and vendors will have to activate the fix.
"It is important to note that this method is dependent on malware running locally," Arm noted.
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA