A few days ago, Intel and ARM chips were found to be affected by a new Spectre vulnerability. Dubbed Spectre V2, AMD processors were thought to avoid the issue but new research shows that AMDs mitigation efforts to be inadequate.
The team of researchers from the Vrije Universiteit Amsterdam (via Tom's Hardware) in the Netherlands demonstrated a new Spectre attack that bypasses hardware mitigations put in place by Intel and ARM over the last few years. AMD was thought to be immune, or at least not significantly impacted but Intel have since revealed that AMD's chipset can present vulnerabilities. Since then, AMD released a security notice that confirms its vulnerability.
Spectre is a security vulnerability that affects modern microprocessors that perform speculative branch prediction. A side effect of this is the possibility of revealing data to attackers. Though Spectre itself dates back to 2017, similar vulnerabilities have been present for many years.
Beginning in 2018 security measures were put into place including OS updates, BIOS microcode mitigations and eventually, hardware fixes. However it looks like these measures weren't enough to prevent further exploits.
How to buy a graphics card: tips on buying a graphics card in the barren silicon landscape that is 2022
“The mitigations [implemented by Intel and Arm] work as intended, but the residual attack surface is much more significant than vendors originally assumed,” the researchers explained.
While end users are unlikely to fall victim to a Spectre attack, its still advisable to install the various protection updates as they become available, even if they can lead to a loss of performance. Luckily, many apps can be coded with little if any performance penalty, but code run via a web browser should be run with mitigations in place.
So, while news of new vulnerabilities are unwelcome, it’s important not to panic. It’s believed that these risks are rarely, if ever exploited. Malicious actors use easier methods to get what they want so as long as you keep your system up to date, there’s little, if anything to worry about.