Deleted member 65228


Level 33
source (ghacks.net): Spectre Next Generation vulnerabilities affect Intel processors - gHacks Tech News

Intel is facing another wave of reported security issues that affect the company's processors. The vulnerabilities, called Spectre Next Generation or Spectre NG, have not been disclosed publicly yet.

A report on the German computer magazine site Heise suggests that eight new vulnerabilities were reported to Intel recently. Intel gave four of the eight vulnerabilities a severity rating of high and the remaining four a severity rating of medium according to Heise.

The exploitability of one of the vulnerabilities appears to be higher than that of previous issues as attackers may abuse the issue to break out of virtual machines to attack the host system or other machines, reports Heise.

Companies that provide cloud hosting or cloud services are primary targets for the vulnerability as attackers may exploit it to gain access to data transfers and data.
Closing Words
Be prepared for another round of updates that patch Spectre issues and side-effects such as performance drops. It seems likely that the eight new vulnerabilities are not the last that we will see in the coming years.
Now You: How do you deal with Spectre and Meltdown? (via Born)


Level 42
Intel should be required to replace all of these junk chips. (preferably with AMD, lol)

More Spectre-style chip flaws discovered in Intel processors

More waves of patches to plug security holes in processors are on the way, after the discovery that Intel is working to patch more Spectre-style issues in its chips, with eight new vulnerabilities said to be found by security researchers following the Spectre and Meltdown fiasco from earlier this year.

The eighth vulnerability is apparently an exception, potentially posing a greater threat than Spectre itself, as it could allow an attacker to launch an exploit in a virtual machine (VM) as a way to attack the host system. Largely affecting enterprise, as well as some individual users who operate VMs privately, the vulnerability could also be used to attack other VM instances on the same server, and due to Intel's Software Guard Extensions (SGX) not being"Spectre-safe," it could also intercept passwords and keys transmitted between VM instances.

Intel has issued a statement ahead of the potential disclosures, effectively confirming the vulnerabilities exist. The company says it routinely works with other parties to "understand and mitigate any issues that are identified," that it strongly believes in the "value of co-ordinated disclosure," and reminds users to keep their systems up to date.