INSUBCONTINENT EXCLUSIVE:
Authors: JordanThere’s some worrying news on the security front today, with the revelation that eight fresh Spectre-class flaws have been
discovered – and Intel has issued a statement on the matter.These new bugs have been reported by German tech site Heise.de, and it has
dubbed them Spectre-NG or ‘Next Generation’, claiming that Intel processors are vulnerable, and that AMD’s chips may also be
affected.Four of the flaws are labelled ‘high risk’ affairs, and all of them have been given their own CVE numbers (Common
Vulnerabilities and Exposures reference number)
Heise believes that one vulnerability in particular represents a major danger, as it can be exploited across the boundaries of virtual
machines (enabling attacks on the host system via the VM).As mentioned, Intel has reacted to this by posting an article which addresses
‘questions regarding additional security issues’.Critical prioritiesIntel’s Leslie Culbertson, executive VP and general manager of
Product Assurance and Security, writes: “Protecting our customers’ data and ensuring the security of our products are critical
We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are
identified, and part of this process involves reserving blocks of CVE numbers.“We believe strongly in the value of coordinated disclosure
and will share additional details on any potential issues as we finalize mitigations
As a best practice, we continue to encourage everyone to keep their systems up-to-date.”In other words, Intel seems to be acknowledging
the issue, and letting us know that a coordinated disclosure on the problems, and the relevant fixes, is imminent
Once again, it seems that details of the bugs have leaked ahead of the time Intel intended to reveal them, as happened with the original
Spectre and Meltdown vulnerabilities back at the start of the year.We’ll only know for sure when Intel confirms the existence of these
bugbears, of course.For now, though, it seems to be the case that more Spectre nastiness is about to cast a gloomy shadow on the computing
