UPDATE -
We received an official statement from Intel on this matter, as follows:
'As security threats continue to evolve, we continue to work with industry researchers, partners and academic institutions to protect our customers. We also make it as easy as possible for industry partners and customers to simplify security updates and guidelines. So today We provide details of security defenses for potential threats, including a new sub-variant of variant 1 (known as Bounds Check Bypass Store). Defenses or developer guides for this variant have been released. For more information, please refer to our product safety page. Protecting customer data and ensuring the safety of our products is always Intel's top priority.
Intel released a total of 13 mitigation measures to address potential security risks on Tuesday.
Includes patches for Spectre v1 (ghost vulnerability, bypassing boundary storage) variants and bugs where local users can read BIOS and administrator passwords from memory leaks (CVE-2017-5704, 4th to 7th generation Core platforms) .
The variant of Ghost v1 is the first public, allowing malicious code to potentially change functions using speculative execution on Intel computers and notifying the returned addresses in other threads to the hijacked application.
TheReg confirmed that This is the first centralized release of Intel's quarterly security patch. In other words, Intel will focus on the release of security patches on a quarterly basis. It looks very much like 'good teammates' Microsoft's Patch Tuesday (Tuesday Patch Day, the second Tuesday of each month for system patch updates).
Of course, considering that consumers rarely have the habit of downloading 'patches' directly from Intel's official website, Intel's security updates are more likely to be released by joint partners. According to the report, Motherboard, OEMs got this wave of Intel patches in March. , has been conducting deployment testing.
At the beginning of the year, Spectre and Meltdown vulnerabilities caused an uproar in the industry, including Intel products 'the deepest injury'.
Intel's quarterly security update program is on the one hand to address variant attacks of underlying vulnerabilities like ghosts, and is also a sign of their new emphasis on security issues.
