Intel, Microsoft And Google Discover SSB Variant 4 – Fourth Variant Of Spectre And Meltdown Bugs That Risks Data Leak Via Side Channel Analysis
Early this year, reports of a major design flaw in Intel's chipsets created mass panic across the tech world. The vulnerabilities, later identified as Spectre and Meltdown, allowed programs to access kernel-level data. Kernel level data is generally invisible from day to day applications and consists of sensitive information such as passwords and login keys.
The fix required sacrificing one major processing advancement that has allowed for major performance gains over the years. It required isolating kernel memory and user applications, and in the process also to sacrifice efficient performance. However, as it was initially feared, Spectre and Meltdown were not the last of such vulnerabilities. Microsoft, Google, and Intel have discovered another vulnerability dubbed as Speculative Store Bypass Variant 4. Take a look below for all the details.
Latest Speculative Store Bypass Variant 4 Vulnerability Affects Intel, AMD, And ARM's Chipsets; Can Allow Attackers To Gain Access Of Sensitive Programs
Despite its numerous advantages, Speculative Execution is turning out to be a huge headache for processor manufacturers. After Spectre and Meltdown, this vulnerability is the latest to misuse the technique for nefarious purposes. However, the good news is that this one doesn't have effects similar in severity to the previous three flaws since most of the more serious ones have already been patched by Spectre and Meltdown fixes.
Speculative Store Bypass Variant 4 impacts processors manufactured by Intel, AMD, and ARM. It is focused more towards targeting web browsing components which are not meant to be accessed by everyday apps. According to Intel, SSB Variant 4 targets "systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
Intel further goes on to note that there is no evidence for the flaw already being used by hackers. However, despite several remedies for SSB variant 4 already being implemented by vendors in the form of Spectre and Meltodwn patches, solutions specific to the vulnerability will nevertheless be developed. In addition, just as earlier fixes, they will also result in performance impacts.
Intel has also delivered beta microcode updates to vendors already and expects that overall, these fixes will result in an addition 2 - 8% performance decrease. The chipmaker's update sent to vendors also includes a fix for Variant 3a (Rogue System Register Read), discovered by ARM in January. The fix for Variant 3a does not cause any decrease in performance. Thoughts? Let us know what you think in the comments section below and stay tuned. We'll keep you updated on the latest.