The report comes five months after becoming aware of the serious security gaps «Spectre» and «Meltdown» Intel consider the information about the new generation of «spectre»-Schwachstellen but still a secret, the magazine reported Thursday.
Lever «Spectre» and «Meltdown» security mechanisms aimed at preventing that programs can freely retrieve data from the memory of a computer. The fuse is tricked, appropriate software to actually protect memory areas of the operating system or other programs can access and read such passwords and crypto key.
According to estimates by «c’t» the new attack scenarios are similarly classified as gaps that came last January in the light of the public. «One of the new gaps attacks across system boundaries, however, simplified across so strong that we classify the threat potential much higher than at specter.»
Providers of cloud services such as Amazon or Cloudflare, and of course their customers «, declared Jürgen Schmidt, security expert at the» were particularly affected c’t «.» Passwords for secure data transmission are very popular destinations and acutely vulnerable to these new loopholes.»
The concrete risk for individuals and company computers is, however, rather low, because there is where normally other, easier-to-use vulnerability. «Even if there is no reason to panic, you must take the new security vulnerabilities seriously.»
«When the first bug fixes (» patches «») for the new specter gaps coming, it is not clear so far.» Apparently Intel is planning two patch waves, «said Schmidt.» A first to roll already in may; a second one is planned for August.» “Intel level four of the new vulnerabilities even at high risk, the risk of the other four will be using» medium” rated.