Intel has confirmed the discovery of at least two more side-channel security vulnerabilities relating to the Spectre family of attacks in its processors, paying out a $100,000 bug bounty to the researchers who discovered them.
The latest in a string of hardware-baked security vulnerabilities affecting the majority of the processors on the market today, Spectre 1.1 and Spectre 1.2 are, as their names suggest, sub-variants of the already-known Spectre Variant 1 side-channel vulnerability. Like their parent vulnerability, the attacks allow unprivileged code to infer the contents of memory to which it should not have access - up to and including reading passwords and cryptographic keys.
Discovered by Vladimir Kiriansky and Carl Waldspurger, who have published a paper explaining their findings, Intel has confirmed the vulnerabilities via its open-source security incident response team, paying $100,000 through its bug bounty programme. Quick to point out that the vulnerabilities potentially affect rival chips from AMD and Arm, the company has warned that 'most modern operating systems are impacted' and is, as seems to be common for these vulnerabilities, relying upon a software patch to mitigate the risk rather than releasing a microcode update.
Intel has, however, pledged more regular microcode updates for its products - including, hopefully, ones which patch these latest vulnerabilities. Under its new schedule, the company will release updates every three months - giving security researchers and system administrators time to plan out how the updates will be tested and rolled out, taking a leaf from Microsoft's monthly Patch Tuesday cycle.
Intel has issued the following statement, reproduced in full: 'As we continue working with industry researchers, partners and academia to protect customers against evolving security threats, we are streamlining security updates and guidance for our industry partners and customers when possible. With this in mind, today we are providing mitigation details for a number of potential issues, including a new sub-variant of variant 1 called Bounds Check Bypass Store, for which mitigations or developer guidance have been released. More information can be found on our product security page. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel.'