The enemy in your chip – new CPU exploit discovered
Remember Spectre and Meltdown? The two caused quite some trouble for, well, basically everyone owning a computer due to the fact that the security hole was not in some program but in the processors itself. Now that the dust has finally settled for Intel and AMD, a new exploit was exposed: Speculative Store Bypass or simply Variant 4.
What is the Speculative Store Bypass?
As with Meltdown, Spectre, and Spectre NG (also known as Variant 1 to 3) SSB is not a software but a processor exploit that affects Intel, AMD, and for the first time ARM chips – and yes, that means that on top of your normal desktop PCs and laptops mobile devices are affected now, too.
Variant 4 targets the same security hole as its predecessors, the speculative execution that modern CPUs use to gain even more performance. Theoretically, the exploit could lead to cybercriminals gaining access to personal data like passwords and more which is something everyone tries to avoid of course. The worst part: the vulnerability could be triggered via web browser while you are surfing online.
Update your browser NOW
There’s no reason to panic though. According to Intel’s Leslie Culbertson “most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today.”
That basically means that if you keep your browser up to date – which you should do no matter what – you are golden. If you don’t, update NOW. By the way, that goes for any piece of software you have on your PC: always install the latest patches. If you don’t want to deal with it, install a software updater that does it for you.
Happy End? Yes and no.
While you should be safe enough with the browser update, the story doesn’t end here. Intel will at some point in the near future release some patches for its processors which will come with a huge handicap. If you install them your PC might lose speed and get up to 8% slower. The good news: you can opt to turn the SSB-mitigation off. That will fix the speed problem. The bad news: It will make you more vulnerable to potential attacks again.
How will you decide? Let us know in the comments below.
This article is also available in: German