Spectre 2 looms large with 8 potential security flaws

News
By published

Intel releases statement that talks about coordinated disclosure

Security

There’s some worrying news on the security front today, with the revelation that eight fresh Spectre-class flaws have been discovered – and Intel has issued a statement on the matter.

These new bugs have been reported by German tech site Heise.de, and it has dubbed them Spectre-NG or ‘Next Generation’, claiming that Intel processors are vulnerable, and that AMD’s chips may also be affected.

Four of the flaws are labelled ‘high risk’ affairs, and all of them have been given their own CVE numbers (Common Vulnerabilities and Exposures reference number). Heise believes that one vulnerability in particular represents a major danger, as it can be exploited across the boundaries of virtual machines (enabling attacks on the host system via the VM).

As mentioned, Intel has reacted to this by posting an article which addresses ‘questions regarding additional security issues’.

How to protect against Spectre and Meltdown

Meltdown and Spectre

For the latest on how to protect yourself from Spectre and Meltdown, read our comprehensive guide.

Critical priorities

Intel’s Leslie Culbertson, executive VP and general manager of Product Assurance and Security, writes: “Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers.

“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

In other words, Intel seems to be acknowledging the issue, and letting us know that a coordinated disclosure on the problems, and the relevant fixes, is imminent. Once again, it seems that details of the bugs have leaked ahead of the time Intel intended to reveal them, as happened with the original Spectre and Meltdown vulnerabilities back at the start of the year.

We’ll only know for sure when Intel confirms the existence of these bugbears, of course.

For now, though, it seems to be the case that more Spectre nastiness is about to cast a gloomy shadow on the computing world…

Via ZDNet

TOPICS
Darren Allan

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
best of Studio Ghibli movies Netflix

I refuse to jump on ChatGPT’s Studio Ghibli image generator bandwagon because it goes against everything I love about those movies
See more latest
Most Popular
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA