Researchers at Microsoft and Google’s Project Zero have released information about a new vulnerability, a so-called fourth variant of the Meltdown and Specter vulnerabilities, which can cause security issues especially when using certain browsers.
Intel says that the patches already released for the earlier variants will also work for the new fourth variant, but despite this, the company has already released microcode and software updates specifically for the fourth variant. Certain vulnerabilities are disabled by default, so users must manually enable them. Intel says it expects motherboard manufacturers to make patches available in the form of bios updates in the coming weeks. These can have a negative impact of 2 to 8 percent on performance. AMD and ARM also come with patches.
The Specter and Meltdown vulnerabilities were revealed in January and allow kernel memory readouts. Meltdown almost exclusively affects Intel processors, while Specter also affects ARM and AMD, among others. Meltdown allows the reading of kernel memory, while with Specter this applies to processes.