Now here is another report emerge which claims that more eight new Spectre class bug including one found by Google's Project Zero is affecting Intel CPUs. German tech site Heise.de, reports that all the bugs were reported to Intel and Intel team is already working on fixing it. Moreover site reports that all the bugs have been assigned with CVE Id's.
Here is a worst thing is that, one of the bug will be revealed by Project Zero on May 7, a day ahead of Patch Tuesday, which Microsoft recently begun using to distribute Intel's hardware patches or microcode updates. Site also claims it has concrete evidence that Intel processors are vulnerable to the new flaws and that the chipmaker has patches in the works. AMD CPUs may also be vulnerable and further research on that issue is under way.
So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent. Intel is already working on its own patches for Spectre-NG and developing others in cooperation with the operating system manufacturers- Heise Post reads.
Just a day ago, Intel have issued a cryptic statement titled "Addressing Questions Regarding Additional Security Issues".
Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, - Post reads.Report also claims that all flaws was reported to Intel and chipmaker marked four flaws as "High Risk" and another four as "Medium". Four Bug marked as High Risk, as it impact cloud providers due to an ability to attack a host system from a virtual machine, allowing an attacker to extract secrets and passwords from the host machine's memory.
The original Spectre bug was pretty difficult to exploit but this new Flaws are easy to exploit.