There’s no need to panic, though.
It looks like researchers are still looking into the notorious Spectre and Meltdown vulnerabilities. It’s true that manufacturers have released various patches that address these issues, but it appears that there are more attack paths than originally estimated. A team of nine researchers has just discovered seven new vulnerabilities, all of which have received proof-of-concept code demonstrations. Fortunately, existing patches should stop all of them, so there’s no reason to panic at all. Two of these issues exploit the Meltdown vulnerability. While Meltdown-PK bypasses memory protection keys on Intel processors alone, Meltdown-BR exploits x86 instruction paths in AMD and Intel chips.
What about the other five?
Well, they all target Spectre variations, and they affect Intel, AMD, and ARM processors. Even though the researchers have presented their findings to these manufacturers, they received disappointing responses. AMD didn’t even acknowledge the findings, while Intel doesn’t agree that it should issue a new patch. Here’s Intel’s official statement on the matter:
“The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continue to be a critical priority for us and we are thankful to the teams at the Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research.”
So what does this mean for the average user? In general, as long as you keep your devices up to date, you shouldn’t worry too much. Indeed, nobody really discovered actual attacks exploiting Spectre or Meltdown. Moreover, researchers expected to eventually find different branches of the original vulnerabilities such as these.
