Very often a significant security flaw is followed by new derivatives of the same exploit. Following the widely popular Spectre and Meltdown speculative execution attacks, there were predictions that more flaws of similar nature will hit PC owners pretty soon.
The blog further states that the mitigations shipped for Variant 1 by most leading browsers have made the Variant 4 exploit difficult. However, for complete protection, the company is working with different partners to ship software and microcode updates.
Variant 4 has been classified as a medium severity risk by Intel and Google’s Project Zero; Microsoft has published a security advisory as well. Initial Linux patches have also been freshly baked.
It’s worth noting that the upcoming fix will be off by default and vendors will have to make the final decision of enabling it. The company also acknowledged that the performance of systems could witness a decline between 2-8%.
The post also mentions microcode fix for Variant 3a, which was documented by Arm in January, hasn’t resulted in any performance hit. The company plans to bundle both updates together.
What are your views on this development? Share your thoughts and keep reading Fossbytes.