A Google Project Zero hacker just made the “Variant 4” public. Here’s how this vulnerability works and how you can keep your protect your device.
What is Variant 4?
Variant 4 is a speculative store bypass that exposes sensitive data through a side channel. It was first discovered by security researcher Jann of Google Project Zero.
Tagged CVE-2018-3639, this vulnerability poses a moderate risk to users.
The reason behind this is that the prior knowledge of the older variants of Spectre vulnerability allowed Intel to promptly detect and fix it.
The fourth variant of the Spectre class of vulnerabilities affects the “Speculative Storage Buffer”. This component is common to Intel, AMD, and ARM processors.
How does Variant 4 affect your iPhone?
Variant 4 can be run remotely from a browser such as Safari, Chrome, or Edge.
Although these browsers have already closed the older Spectre vulnerabilities, they still require protection from version 4.
Here’s how a browser exploit based on this vulnerability works.
- Variant 4 allows the attacker to access the speculative storage buffer of your smartphone.
- This fools the processor into believing that the attacker is accessing data from a different part.
- Attacker gains access to your sensitive information such as passwords, bank account numbers, credit card data, etc.
You can watch the full video below for an in-depth explanation by the experts at RedHat.
Thankfully enough, Intel has confirmed that there exists no exploit based on this vulnerability.
However, that is bound to change in the future and security of your device is of utmost importance.
How can you protect your device?
All you need to do to protect your device is install a patch from your smartphone manufacturer. Almost all device manufacturers have sent out alerts informing the users about this bug.
However, Intel’s patch is currently available only for select partners. The general public will receive this patch in the coming weeks through their respective device manufacturers.
Apple is quick to release security updates and you can expect an update today itself.
According to Intel, a patch for Variant 4 lead to a general performance decrease of 2-8% in benchmarks. Therefore, devices with affected processors will experience a slowdown after installing the required patch.
All things considered, this update
For more security news and updates, follow us on Facebook and Twitter.