Intel is expected to release patches for the latest Spectre chip vulnerabilities – dubbed ‘Spectre Next-Generation’ or ‘Spectre NG’ – in just under two weeks.
According to German publication Heise, Intel asked the researchers who discovered the new flaws for more time. The company is believed to have set a date of 21 May after pushing back the release date from 7 May.
It would appear Intel hit a number of difficulties getting that patches ready in time, and therefore wants more time to push out a patch before the researchers go public with the specifications of some eight flaws they uncovered.
Intel’s first patch will supposedly fix four “medium-risk” bugs while a second one, due 14 August, will fix the more serious “high-risk” flaws, which affect pretty much all of Intel’s processor line-up, including the datacentre-grade Xeon chips.
The threat Spectre-NG poses is arguably more theoretical than real because they require hackers to have privileged access to a computer or network.
However, the new flaws are somewhat insidious given that they can enable attackers to bypass virtual machine isolation from cloud host systems, and breach the security provided by Intel’s Software Guard Extension.
Such flaws, if exploited, could enable the beach of software that trades on its ability to be secure and robust.
Heise claims that some ARM CPUs are also vulnerable to Spectre-NG, though notes that it remains unclear whether AMD’s CPUs are also at risk and, if so, to what extent.
AMD said in a statement last week that it’s “looking into the matter and wants to share information as appropriate, adding: “Security and protecting users’ data is of the utmost importance to AMD and we are aware of it speculative execution exploits.”
The patches Intel will push out will only be temporary software fixes and mitigations given the Spectre vulnerability exists at the heart of processor architecture. As such, Intel’s next wave of chips designed after the Spectre and Meltdown flaws came to light, will need to have a different design to their predecessor processors in order to banish the spectre of Spectre.
Save this article