A number of tech companies, including Microsoft, Intel, and Google are disclosing a new processor security vulnerability similar to the Spectre and Meltdown. The new flaw is called “Variant 4,” and it’s a new subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (SSB), and affects Intel processors as those from AMD and ARM.
Similar to Meltdown and Spectre, this new vulnerability could allow attackers to read and steal user private data, but it’s less impactful than Variant 2 and it shares many characteristics of Variant 1.
Intel says that recent patches to mitigate Spectre and Meltdown for modern web browsers, such as Chrome, Microsoft Edge, and Safari also mitigate Variant 4. However, same as Variant 2, Variant 4 will require software updates as well as firmware updates for affected processors, which unfortunately will affect system performance.
Intel has already created a mitigation called “Speculative Store Bypass Disable (SSBD)”, which is now available as beta for computer manufacturers, and the chip maker is expecting the update to rollout to the public in the coming weeks.
According to Microsoft and Intel there hasn’t been any reports of this method being used in real-world exploits, as such this “mitigation will be set to off-by-default, providing customers the choice of whether to enable it.” However, if enabled, it’s expected that computers will take a performance hit of up to eight percent.
As always the best way to stay protected is to keep up your system updated with the latest software and firmware patches, and having an up to date anti-malware solution, such as Windows Defender Antivirus.