Well, the time has come, the latest installment in of our favorite saga is finally upon us, and we can't wait to see where the story is going next. No, I'm not talking about the Solo: A Star Wars Story, I'm talking about the saga that is the Meltdown/Spectre chip flaws, of course.
The latest installment in the years biggest, seemingly never-ending security story is here: researchers at Microsoft and Google have discovered a new, fourth variant of the Meltdown-Spectre security flaws plaguing modern processors.
Meltdown can be exploited by normal programs to read the contents of private kernel memory, whereas Spectre allows, among other things, user-mode applications to extract information from other processes running on the same system. Spectre can also be used to extract information from its own processes. Needless to say, this was a big deal.
This new, fourth variant affects modern processors from Intel, AMD, Arm, and IBM—that is to say, it affects a lot of devices, including millions of mobile devices worldwide.
While this seems scary, the vulnerability is actually quite difficult to exploit, and no exploits have been spotted in the wild as of yet. Microsoft says that the risk to users from this bug is "low," and it should be noted that some programs and operating systems are already protected from speculative execution attacks by previous patches meant to mitigate the initial Meltdown/Spectre flaws. Nonetheless, the new vulnerability gives us an idea of just how deep this flaw goes, and I have no doubt this isn't the last we've heard from this flaw, and that we'd be seeing more exploits for out-of-order processors soon.