In what seems a never-ending story, 8 new Spectre variants were detected, and they affect Intel processors. Intel classifies 4 of the variations as medium risk, but the other 4 are rated as high risk, meaning that they are really dangerous, prompting Intel to act immediately.
It seemed that we were experiencing a period of relative calm after the chaos involving the Meltdown and Spectre vulnerabilities, especially for Intel, as the company was the most affected by these two threats (although it seems that users did not care as much, given the last quarterly financial report). Intel has been releasing microcode updates for processors as old as 2011’s Sandy Brige.
These updates (along with the OS patches released for Microsoft Windows, Apple MacOS and Linux) managed to create a feeling of security that has now vanished, as 8 new Spectre variants for Intel processors were discovered. In some cases, these variants make it easier to install exploits on the targeted computers, which is something that was difficult to achieve with the original Spectre variant.
With the new Spectre variants, virtual machines can be infected using another virtual machine
One of the problems created by Spectre NG (Next Generation) is that it makes it easier for the attacker to infect a virtual machine by using another virtual machine with the code that is used to exploit the Spectre NG vulnerability, meaning that it attacks the host from a cloud server. It can also attack other virtual machines connected to the same server. By the way, the Software Guard Extensions (SGX) used to protect the cloud servers’ passwords are not safe from these Spectre variants.
In the end, the current processors lineup seems like a Swiss cheese given all the security holes it has, but when one is fixed, another one appears. It seems that the problem lies in the approach taken in terms of the security of the processors’ internal architectures, as they seem to have been left aside given that the big manufacturers’ design departments are not paying much attention to them.
Additionally, we know that these vulnerabilities affect Intel, but we do not know if they also affect AMD. Maybe if Meltdown affected Intel exclusively, Spectre is the opposite.