FRANKFURT (Reuters) - Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday.
The magazine, called c’t, said it was aware of Intel Corp’s plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan’s Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable.
Meltdown and Spectre bugs could reveal the contents of a computer’s central processing unit - designed to be a secure inner sanctum - either by bypassing hardware barriers or by tricking applications into giving up secret information.
C’t did not name its sources because researchers were working under so-called responsible disclosure, where they inform companies and agree to delay publishing their findings until a patch can be found.
The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7.
Intel shares were down 0.3 percent in afternoon U.S. trading, in line with a decline in the Nasdaq Composite Index. An Intel representative declined to comment on the vulnerabilities described in c’t magazine.
In a statement on its website, Intel said it routinely works closely with customers, partners, other chipmakers and researchers to mitigate any issues that are identified, and that part of the process involved reserving blocks of CVE numbers.
“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations,” the statement said.
Representatives with AMD and ARM could not immediately be reached for comment. Google did not immediately respond to a Reuters request to comment.
Reporting by Douglas Busvine, additional reporting by Laharee Chatterjee in Bangalore. Editing by Jane Merriman