Together with Google and Microsoft, Intel has recently disclosed (via MacRumors) a new Spectre-like vulnerability called “Variant 4”. This isn’t Spectre but it is similar to how Spectre functioned, where it could take advantage of the speculative execution mechanism of a CPU to allow hackers to potentially gain access to sensitive information on an affected device.
The good news is that this has been classified as a “moderate” severity because according to Intel, the exploits that Variant 4 uses have already been addressed through various mitigations that software makers and OEMs have used to patch Meltdown and Spectre. However this doesn’t mean that Intel will ignore it as the company is planning to release a full mitigation option that will prevent it from being used in other ways.
According to Intel, “This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark(R) 2014 SE and SPEC integer rate on client1 and server2 test systems.”