Google and Microsoft have disclosed the new CPU security vulnerability which is same as the Meltdown and Spectre flaws. They have revealed another vulnerability in chips which are used in hundreds of millions of computers and mobile devices.
As per Speculative Store bypass (variant 4), the latest vulnerability is same as to Spectre, and it exploits the execution of the modern CPUs use. As per Intel, web browsers like Edge, Chrome, and Safari are all patched for the Meltdown. It said, “These mitigations are also applicable to variant 4 and available for consumers to use today.”This new strain has many security vulnerabilities, and this was first revealed in January. It also uses different methods to extract sensitive information as per the company.
Intel, AMD, and Arm are continuously getting haunt by Spectre and Meltdown, which have produced the chips with flaws for the computers and laptops to mobile devices. This vulnerability will help the attackers to read the sensitive information on the CPU which will affect hundreds of millions of chips from the last two decades. The other giants like Apple, Intel, and Microsoft, have already patch the flaws by taking out the updates, but the fixes did not work as it is planned and it creates problems on the computer.
According to the Leslie Culbertson, who is the Intel’s security chief said, “If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems.” For this, users will have to take between security or optimal performance. This choice is like the previous variants of the Spectre, and it will be coming down to the individual systems and servers.
Microsoft is already offering about $250,000 for bugs which are same as Spectre and Meltdown CPU flaws in March. As per Microsoft spokesperson, he said, “Microsoft previously discovered this variant and disclosed it to industry partners in November of 2017 as part of Coordinated Vulnerability Disclosure (CVD). We are continuing to work with affected chip manufacturers and have already released defense-in-depth mitigations to address speculative execution vulnerabilities across our products and services. We’re not aware of any instance of this vulnerability class affecting Windows or our cloud service infrastructure. We are committed to providing further mitigations to our customers as soon as they are available, and our standard policy for issues of low risk is to provide remediation via our Update Tuesday schedule.”