Buzz
Intel, alongside Google and Microsoft, has just disclosed the exploitation of the fourth Spectre CPU security vulnerability (referred to as Variant 4) utilizing speculative execution techniques to leak certain data through side channels.
Intel unveils specifics of the fourth Spectre CPU security vulnerability.
This attack is known to operate in language-based environments, akin to the arrangement seen in browsers (JavaScript), although Intel has yet to disclose evidence of successful browser-based exploits.
Similar to previous vulnerabilities, the new issue affects most modern chip architectures, including many of Intel's CPUs over the past few years.
The good news is many similar patches for previous Spectre and Meltdown variants have seen a slight reduction compared to Variant 4. It's highly likely that Intel and partners (including PC manufacturers and operating system providers) will release BIOS software fixes next week.
However, this release will be disabled by default, Intel estimates about a 2 - 8% performance hit in benchmarks, and evidently, this move by Intel is reluctant to impose on users unless there's evidence of natural exploits.
Of course, there won't be any permanent solution (completely immune to vulnerabilities rather than just mitigating their impact) for vulnerabilities like Spectre until Intel and competitors release chip updates.
Currently, Intel has introduced core i3, i5, i7, and the latest core i9 chips. To understand more about this type of chip, refer to the article comparing Intel core i3 vs i5 vs i7, which one to buy, and the article Understanding Core i9 here with features and technical specifications.
Recently, there have been numerous incidents of buying, selling, and leaking user data exposed. Facebook and Google, giants in the industry, are under scrutiny for this issue, and most recently, the parental control app TeenSafe leaked user information, including children's Apple IDs. However, this issue arises due to poor security measures by the developers rather than intentional user data exposure.
