Skip to main content

New Spectre-like bug could mean more performance-degrading patches

Speculative Store Buffer Bypass in 3 minutes

A new CPU bug that shares a number of similarities with the Spectre and Meltdown exploits which came to light earlier this year, has been discovered. Termed the Speculative Store Bypass, it already has fixes and firmware updates that have been shipped out to OEMs to distribute, but there is some concern that the patches will impact processor performance when applied.

Speculative Store Bypass is much closer in design to Spectre, in that it exploits the speculative aspect of modern CPUs which helps speed up certain calculations. As Microsoft and Google each discovered in their research though, that speculation is vulnerable to exterior attack and can be exploited to steal data and personal information from a system’s user. With that in mind, new fixes are being developed that will shut down that functionality in affected processors, but as a result, some calculations will take longer to complete — and in some cases, that impact can be significant.

Although the firmware updates are seen as somewhat unnecessary, as earlier improvements to CPU security to prevent against Spectre should provide adequate protection against the new exploit, Intel has provided a full mitigation firmware update as well. The update is currently being distributed by OEM partners, but the patch will not be enabled by default and it will be up to software providers to decide whether they want to use it or not.

“If enabled, we have observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” Intel’s general manager of product assurance and security, Leslie Culberston said.

Considering that this newly announced flaw is harder to exploit than previous variations of the Spectre bug, it may be that most software providers do not choose to leverage the additional protections, as per The Verge. As with Spectre and Meltdown though, permanent fixes for the problem will only be possible through changes to the way the chips are designed and that will involve hardware alterations. Intel has promised that its next-generation CPUs will not be susceptible to these sorts of exploits.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Apple could end antitrust woes by making the iOS App Store more like the Mac’s
iphone xr app store

Apple is having a pretty terrible time right now amid multiple antitrust hearings and a wave of discontent over the fees it charges developers to use its App Store. It all culminated last week with the controversy of Fortnite being removed from the App Store altogether.

But there is one solution that could potentially end Apple’s woes and deal a blow for consumers and developers at the same time: Make the iOS App Store more like the Mac App Store. It is not such a crazy idea. After all, Apple already has looser restrictions on its Macs than on its iPhones. Here’s why it could be exactly what Apple needs to do.
The problem: Apple’s arbitrariness

Read more
Ring’s new Chime Pro 2 might be more like an Echo Flex than its predecessor
ring chime pro 2

Three weeks ago, we were one of the first to spot a Federal Communications Commission filing for a new version of the Ring Chime Pro. Late this week, more details leaked on the device by a reliable source, suggesting that it might gain Alexa smarts and a more prominent front speaker.

Technologist Dave Zatz tweeted a picture of the front of the device on Thursday, confirming our earlier speculation that it has internal antennas. It also shows a much larger (and possibly higher quality) speaker than the previous version, and a blue light reminiscent of those used on Echo devices in the upper right corner, perhaps indicating Alexa support.

Read more