2018 immediately started off on the wrong foot for Intel and, consequently, the computing industry at large. The Meltdown and Spectre vulnerabilities plagued modern processors, mostly from Intel but also from its rivals, including some ARM chips. They can never be fully fixed without an entirely new CPU architecture, so all we’re left with are mitigations that lessen the probability of an exploit. Even so, new variants keep arising, and a fourth one based on Spectre has just been found. Fortunately, at least for now, Intel says there’s little reason to panic.
While Meltdown is based more on a race condition inherent in modern processors, the Spectre vulnerability takes its name from speculative execution. Processors are so smart that they try to predict which path the code may take. A wrong prediction, however, leaves some observable side effects (a spectre, so to speak) that could give attackers access to private data through a side channel.
So, yes, another strain of Spectre has been found. The good news is that Intel says it is not aware of any successful attempt at exploiting it yet. For one thing, many of the mitigations that have already been released for Variant 1 (the original Spectre) are also applicable to Variant 4. But for good measure, Intel is still releasing a new microcode and software update for it.
That said, those mitigations, like all previous ones, do have a performance impact. Intel says it’s as low as 2 to 8 percent, which may still be too high for some. Considering the extremely remote possibility of someone actually using the exploit, Intel will be turning the mitigation off by default when the update arrives, leaving users with the choice to turn it on themselves if they want to.