Spectre and Meltdown are two serious, recently discovered security flaws tied to CPU hardware. We have a full write-up of the situation available here but the gist is hackers and other bad actors can take advantage of these flaws to access data stored in the memory of programs running on your machine. This data could include saved passwords in browsers, personal emails and more.
While Intel, AMD and other software and hardware companies have banded together to roll out fixes for the situation, they've come at the cost of performance for those with current-gen processors. Intel has since promised their upcoming CPUs won't be vulnerable to these flaws at all but a recent research report may throw a wrench into the works.
A team of researchers from Nvidia and Princeton University seem to have uncovered two new ways to exploit Meltdown and Spectre. These methods, dubbed "MeltdownPrime" and "SpectrePrime," reportedly "pit two CPU cores against each other" to trick multi-core systems into giving up cached data.
The following excerpt from the full research report summarizes these methods:
"In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime -- two variants of Meltdown and Spectre, respectively -- can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.
...MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol."
To be clear, currently available patches and security updates have likely already solved these flaw variants. However, Intel and AMD may need to rethink their upcoming CPU hardware adjustments to factor in this new information.