Internet related News · 2018-05-22

New flaw in computer chips found – News

Microsoft & Google have jointly disclosed another CPU security vulnerability that’s similar to the ‘Meltdown’ & ‘Spectre’ flaws that were revealed earlier this year. Dubbed ‘Speculative Store Bypass’ (variant 4), the latest vulnerability is a similar exploit to Spectre & exploits speculative execution that modern CPUs use.

Here’s what Intel had to say…though it does not seem unduly perturbed.

Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment.  While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks. This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option.  In this configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark® 2014 SE and SPEC integer rate on client1 and server2 test systems.


Google and Microsoft disclose new CPU flaw, and the fix can slow … – The Verge

http://news.google.com May 21, 2018

Microsoft and Google are jointly disclosing a new CPU security vulnerability that’s similar to the Meltdown and Spectre flaws that were revealed earlier this year.M …

Read more …

Microsoft, Google find fresh flaw in chips, but risk is low – Reuters

http://news.google.com May 21, 2018 

The newest chip problem, known as Speculative Store Bypass or “Variant 4” because it’s in the same family as the original group of flaws, was disclosed by security researchers a …

Read more …


 

Click here to opt-out of Google Analytics