In context: Sketchy characters are always looking for ways to take advantage of the general public, and with the power of modern technology, that process has become easier than ever. Indeed, if you were an active internet user throughout 2018, you may remember Meltdown and Spectre - two of the biggest hardware security flaws the tech industry has ever seen.
We've discussed said flaws in more detail in the past, but the gist is that virtually all modern processors take advantage of a technique called "speculative execution" to boost performance and speed up calculations.
Unfortunately, that has come at a cost: Meltdown and Spectre (and their many known or unknown variants) theoretically allow attackers to swipe personal data stored in browsers, password managers, and other parts of a given machine without leaving any evidence behind.
Researchers say that software-based fixes simply aren't enough to protect users against all Spectre and Meltdown variants. To prove their point, they developed their own Spectre attack that has no known patches or solutions.
Part of the reason software alone isn't enough to address all Spectre variants is the lack of consistency. Some fixes only address certain variants, meaning additional mitigation measures have to be taken for more comprehensive protection.
Unfortunately, when those measures are implemented, you can start to see some pretty hefty performance hits, which makes using this mixed-technique approach impractical.
Short of ditching speculative execution outright – which CPU makers probably won't do for performance reasons – there likely won't be a single fix-all approach to Spectre mitigation for years.
We'll need to see a significant leap forward in processor technology, or a similarly-impactful innovation in the security community; and neither of those possibilities seem all that likely to occur anytime soon.