Meltdown and Spectre are not done yet — 8 flaws reported
Eight new flaws in computer central processing units (CPUs) have resurrected from ashes closely resembling the Meltdown and Spectre flaws, reports Reuters. A German computing magazine first reported the flaws and says Intel intends to patch the flaws. ARM Holdings may also have vulnerable chips.
Intel responded to the claims saying it has always been in the company's best practice to have a "coordinated disclosure" of "potential issues," according to an announcement by Leslie Culbertson, executive VP and GM of Product Assurance and Security at Intel.
Culbertson did not confirm or deny the new revelations, but encouraged customers to routinely check for system updates. In the meantime, Intel continues working with industry partners and researchers while "reserving blocks of CVE numbers" to help mitigate possible issues.
The Meltdown and Spectre flaws were revealed in January and caused the tech community to fall into a tizzy. The flaws dated back decades and Intel chips were at the forefront of public backlash.
If the flaws are correctly manipulated, a hacker could essentially access all the "secrets" stored in a chip's memory. If a processor with enough power is tapped, a hacker could send malicious code throughout a computer's system.
However, rest assured that type of system hijacking may only be viable in chips dating back 10 years or so because microprocessors made before this time are simply not refined enough to handle and run mass, malicious code.
Risks exist beyond the month they are exposed, and after about five months months, Meltdown and Spectre are proving just that. Because the flaws take advantage of speculative execution — a feature that aids a chip's performance — it highlights the industry's tendency to shift focus away from a product's security and onto its performance.
Favoring the latter will only result in more flaws in future products. Customers need to trust their vendors are producing reliable products that won't compromise the data they're trusting their vendors to protect.
With the ongoing Meltdown and Spectre saga, it is unknown how many different ways Intel can address the safety of its future products.
Follow Samantha Ann Schwartz on Twitter