The researchers were able to create new
variants of Meltdown and Spectre with a separate class of cache timing side - channel attack known as Prime + Probe, described in 2015 by several of the researchers who found Meltdown and Spectre independently of Google's Project Zero.
Not exact matches
Its chief U.S. competitor, AMD, which has been gaining ground on Intel, said in a blog post that its chips are not vulnerable to
Meltdown and there is a «near zero risk» from one
variant of Spectre and zero risk from another.
After a few months, they found a solution for
Meltdown and the first
variant of Spectre (two
of the three vulnerabilities), which they then started rolling out way back in September.
Google wants the whole industry to adopt its Retpoline fixes for
Variant 2
of the
Meltdown - Spectre bugs.
While
Meltdown is being taken care
of with software updates, processor redesigns are required to to protect against Spectre
variants.
Of the three side - channel attacks making up Spectre and
Meltdown, the first Spectre vulnerability
variant has essentially been patched via software.
The updates address
Variant 2
of the three
Meltdown and Spectre CPU flaws that Google revealed on January 3 and are released to end - users as firmware or BIOS updates from hardware manufacturers.
While software patches already protected computer configurations with Intel Core chips against
Meltdown variant 1, upcoming generations
of processors will include higher protection built - in.
In addition to this, the company's CEO announced new, redesigned processor lines that will start shipping later this year and will include hardware - based protection for
Meltdown (exploiting CVE -2017-5754, a rogue cata cache load flaw) and
variant 2
of Spectre (exploiting CVE -2017-5715, a branch target injection vulnerability).