The year began with horrible news for CPU manufacturers after two security flaws, named Meltdown and Spectre, were discovered. Back then it was speculated that fixes could slow down an OS by 30% to prevent the device from malware.
A fix was issued by manufacturer and when it turned out it’s not that bad the hysteria started to die down. Now however it might return in full for as eight more vulnerabilities, dubbed Spectre-NG (New Generation), were revealed and they are classed as “high risk”, compared to the first Spectre that was “medium”.
One of the Spectre-NG flaws simplifies an attack on the system boundaries, making the threat potentially more significant. Getting into detail, c’t explains an attacker might launch an exploit code in a virtual machine and attack the host from there – for example, a server of a cloud. That way the malware could spread to everyone connected to the same server, leaking passwords and private info.
The danger for private individuals and corporate PCs is rather small since there are other weaker points of access. Intel said that it “will share additional details on any potential issues when mitigations are finalized”.
News credit : Gsmarena