A team of cybersecurity researchers has discovered a total of eight new “Spectre-class” vulnerabilities in Intel CPUs. This vulnerabilities also affects a small number of ARM processors and may have an impact on AMD processor architecture as well.
These eight new flaws are named Spectre-Next Generation or Spectre-NG, and four of them are classified as “high risk” and the remaining four as “medium.”
The new CPU flaws originate from the same design issue that caused the original Spectre flaw, but one of the newly discovered flaws allows hackers with access to a virtual machine (VM) to quickly target the host system, making it more threatening than the original Spectre vulnerability.
The spectre-ng vulnerability can be exploited quite easily for attacks across system boundaries, elevating the threat potential to a new level. For example, Cloud service providers such as Amazon or Cloudflare and their customers are particularly affected.
We said it before, and we are saying it now: anything can be hacked. Remember that it is essential for every user and company to add extra measures of cybersecurity. Every user must use only the best cybersecurity solution like an antivirus for Windows or antivirus for Mac depending on which OS their device is running. Also, every company must go an extra step to obtain the best cybersecurity measure; this can be done by hiring a cybersecurity firm that will attack purpose the company’s network of revealing its most destructive and dangerous flaws.
This kind of deliberate attacks is done through specialized cybersecurity tests like penetration test and ethical hacking tests.
If you don’t remember any Spectre vulnerability relies upon a side-channel attack on a processors’ speculative execution engine that allows a malicious program to read sensitive information, like passwords, encryption keys, or confidential information, including that of the kernel.
Disclosing Spectre NG vulnerabilities to vendors is a good practice, but in this case, the researchers, who discovered the new series of Spectre-class flaws, are avoiding it—may be to prevent media criticism similar to the one after they disclosed partial details of AMD flaws.
When asked about this new flaws Intel provided the following statement:
“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chip makers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers.”
“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”
Remember that the Spectre-NG vulnerabilities reportedly affect Intel CPUs, and there are also affect at least some ARM processors, but the impact on AMD processors has yet to be confirmed.
Intel has already acknowledged the new Spectre-NG vulnerabilities and is planning to release security patches, one in May and second is currently scheduled for August.
Microsoft also plans to fix the issues by releasing a security patch with Windows updates in the upcoming months.
However, it’s currently unknown if applying new patches would once again impact the performance of vulnerable devices, as it happened with the original Spectre and Meltdown vulnerabilities earlier this year.
Because we want you to stay safe and secured in front of all vulnerabilities, we recommend implementing a robust cybersecurity solution into your devices like an antivirus for Windows or antivirus for Mac depending of which OS are your machines running. We also suggested that every company must hire a specialized cybersecurity firm that will perform various tests like a penetration test and various ethical hacking tests on company’s network to reveal if any network flaws are present.
For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.