According to ITnews reported that researchers found and reported in the Intel processor 8 new Spectre-style hardware vulnerabilities, the chip giant faces the trouble of providing new security patches.
The German IT website C’T first reported the matter and said that it had obtained all the technical details from the researchers and verified it. In addition, Intel Corporation has also confirmed the existence of these vulnerabilities and listed them in Common Vulnerabilities and Exposures.
The new hardware vulnerabilities have been named “Spectre New Generation”. Intel believes that 4 of the 8 vulnerabilities have serious threats, while the rest are moderate threats. Intel is developing patches for them.
C’T reported that one of the new vulnerabilities is more serious than the original Spectre vulnerabilities because it can be used to bypass virtual machine isolation and steal sensitive data such as passwords and digital keys from the cloud host system. Regardless of whether Intel’s Software Protection Extension (SGX) is enabled, Spectre New Generation vulnerabilities can be exploited.
It is unclear whether AMD processors and chips under ARM architecture are also vulnerable to Spectre New Generation.
Security researchers at Google’s Project Zero team have discovered one of the Spectre New Generation vulnerabilities. They may release technical details next week, and there will be a strict 90-day secrecy period to give suppliers time to solve problems.
For Intel and its technology partners (such as Microsoft), dealing with Spectre and Meltdown vulnerabilities on processors has always been difficult, because after applying the microcode patch, users report that the system is unstable and performance is slow.
These vulnerabilities stem from hardware design flaws and allow attackers to read data in memory. Thousands of new and old processors are vulnerable to vulnerabilities. Intel has promised to re-architect its processors to prevent the Spectre and Meltdown vulnerabilities from recurring.
