Intel says that following the Google Project Zero (GPZ) disclosure of speculative execution-based side-channel analysis methods back in January that it has continued working with researchers around the world to figure out if similar methods could be used in other areas. Intel says that it expected side-channel exploits would follow a predictable life cycle, and has expanded its bug bounty program to support and accelerate the identification of new methods.
Intel’s Leslie Culbertson says that the response to that program and been “encouraging.” Because of that continued work, Intel and other industry partners are offering details and mitigation information for a new derivative of the original vulnerabilities affecting chipmakers. The new derivative is dubbed Variant 4 and was disclosed jointly by GPZ and Microsoft’s Security Response Center (MSRC). Intel is clear that as of now there has been no report of this method being used in real-world exploits.
Intel says that Variant 4 uses speculative execution, which is a feature common to most modern processor architectures, and exposes specific types of data via side channels. Variant 4 specifically was demonstrated by researchers using a language-based runtime environment. Intel says that no successful browser exploit is known. Mitigations that were deployed for Variant 1 starting last January are also applicable to Variant 4 and are already available for consumers to use. Intel and its partners are offering an additional mitigation for Variant 4 that includes a combination of microcode and software updates.
The microcode mitigation for Variant 4 was has already been delivered to OEM system manufacturers and system software vendors in