In January, the world was introduced to a new class of security threats, Meltdown and Spectre, which allowed attackers to exploit vulnerabilities in microprocessors.
Meltdown And Spectre
Almost every kind of computing device under the sun, from servers and laptops to smartphones and tablets, was at risk. The security flaws, which affected the microprocessors or chips in many of these electronic devices, allowed hackers to gain access to personal data by exploiting the speculative execution feature built into the chips to help them run faster.
As a result, chip manufacturers and software makers, including Intel, Nvidia, Apple, and Microsoft, scrambled to issue patches against Spectre and Meltdown and work on the slow performance issues that cropped up as a result.
Google And Microsoft Disclose New CPU Flaw
On Monday, May 21, Google and Microsoft jointly announced a new kind of security flaw similar to Meltdown and Spectre that affects computers and devices powered by AMD, ARM, and Intel CPUs.
The new vulnerability, referred to as the Speculative Store Bypass (SSB) or Variant 4, also manipulates the speculative execution function of a CPU and pave the way for hackers to access private and sensitive information.
Intel Delivers Mitigation To End Users But Warns Of Slow Performance
Intel has rated the new security vulnerability as a "moderate" threat, as many of the risks have already been tackled by patches that were rolled out by software makers earlier this year in order to protect devices from Meltdown and Spectre.
However, Intel has a patch ready to go and has already made the mitigation for Variant 4 available to original equipment manufacturers (OEMs) and system software vendors. The company has left it up to them to decide whether or not they want to implement the same.
The chip manufacturer also said that it intends to keep the mitigation switched off by default, as it could have a negative impact on performance
"If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test systems," explains Leslie Culbertson, Intel's security chief.
Therefore, end users will have to make the tough choice between security or performance, and it will all boil down to individual systems and servers and the reality that the new security vulnerability does not pose as much of a risk as Spectre and Meltdown.