New Spectre-Style Vulnerabilities Discovered
If you are passionate about tech, you will surely remember Meltdown and Spectre, two CPU-based vulnerabilities that have existed in most processors since 1995, but were discovered only a few months ago.
And while Meltdown has been successfully patched through various OS updates, Spectre was much harder to patch. Why? Because the "fix" will only work by disabling certain CPU sections, and thus diminishing the performance of your phone, tablet, laptop or desktop computer. Some people have reported significant slowdowns after applying the needed patches - up to 30%! But in the end, all the problems were fixed.
Or so it seamed back then. Because two MIT researchers have discovered a new set of Spectre-style vulnerabilities, a direct consequence of the imbalanced CPU speed vs. security ratio. According to their report, an attacker could use speculative data stores to create speculative buffer overflows, and then execute malware code on the targeted devices.
These new vulnerabilities can be run on Intel, AMD and ARM processors, regardless of the operating systems that they are using. The vulnerabilities are almost impossible to fix, but hopefully the CPU makers will prevent them from appearing in the next generations of their products.
As always, you should keep the OS patched. New operating system updates will fix at least some of the problems, but they may slow down your devices as well. Modern, fast CPUs shouldn't be that affected; devices that incorporate older processors will probably suffer a serious performance hit, though.
