Eight new Spectre security flaws have been discovered by Intel, months after the Spectre and Meltdown flaws first appeared. Dubbed as Spectre Next Generation (NG), Intel has classified four of the eight vulnerabilities as “high risk”. The remaining four were classified as “medium risk”.
At the time of writing, Intel did not reveal any technical details about the vulnerabilities. However, the risks and attack scenarios of Spectre NG appear to be similar to the original Spectre. The new vulnerabilities seem to affect cloud hosting and cloud service providers, and attackers could use the security flaw to gain access to data transfers and compromise secure data.
Additionally, German tech site Heise said that some ARM CPUs are vulnerable to Spectre NG. It did not say if AMD processors were affected by the vulnerabilities, or how severely affected they were.
The original Spectre flaw was first discovered back in January, alongside with the Meltdown vulnerability. Compared to Meltdown, Spectre was reportedly more difficult to exploit, and seemed to largely affected older Broadwell and Haswell CPUs.
Intel initially released a security patch that same month, but then told its customers not to install it when reports about PCs being stuck in reboot cycle after the patch began appearing. Intel eventually release a revised security patches to the Spectre flaw a month later, but only for sixth to eighth-gen CPUs, as well as Xeon Scalable and Xeon D CPUs.
Intel is already working on patching up Spectre NG, alongside OS manufacturers such as Microsoft. The patches will be released in two batches; the first batch is slated to arrive this month, while the second batch will arrive in August.