The Spectre Bug Returns With Eight New Variants, With Four Of Them Critical

Keeping vulnerabilities quiet is very difficult, and here the Spectre bug is back with eight new variants.

It was reported that researchers have found a series of vulnerabilities that take advantage of the same issues in the original Spectre and Meltdown incidents.

The discovery happened just 5 months after the original CPU flaw was made public.

The flaws have collectively been dubbed Spectre Next Generation, or Spectre NG, with each of the eight security holes in Intel CPUs requires their own patches in order to fix.

Of the eight, four have been considered "high risk" and four "medium risk."

The four high-risk Spectre NG vulnerabilities are classified as the most dangerous and could pose a serious threat to servers and hosting providers. Through these bugs, those who are looking to exploit could hack their way into Intel CPUs to access data outside of their container and potentially retrieve secure data from the host machine.

They have similar characteristics as the original Specter, except for one which is capable of exploiting much further down in the boundary crossing.

This particular one, is capable of launching malicious process in one virtual machine, which enables it to read data from the cache of another virtual machine or from the hypervisor. This behavior bridges the gaps and simplifies cross-system attacks, significantly increasing the potential impact of a breach.

Passwords and access keys are cited as the data that pose the most threat, particularly within machines running cloud services.

Each of the vulnerabilities have its own number in the CVE directory.

Chips with eyes

For ordinary users, these flaws' threats are fairly low. Hackers can have a hard time in gaining access to a machine locally, and there are easier ways for hackers to go about extracting data from standard PC users, instead of exploiting these Specter NG flaws.

Intel plans to deliver two waves of patches; the first on May, and the second on August. Intel is also working with operating system providers in order to work on their own fixes and preventative measures.

It's also reported that AMD chips are not free from these bugs as well. AMD processors using ARM architecture could be vulnerable, although further research on this is going to be required.