Patch flood threatens

dpa, Heinz Arnold,

New security vulnerabilities in Intel chips

According to a report in the computer technology magazine "c't", there are new serious security loopholes in Intel chips.

The new security gaps in Intel processors are no reason to panic, but they should be taken seriously.

© Image: Computer&AUTOMATION, Sources: Fotolia, Edelweiss, meltdownattack.com

Five months after the serious Spectre and Meltdown vulnerabilities became known, researchers have found eight new security gaps in Intel processors, the magazine reported on Thursday. However, Intel is still keeping the information on the new generation of Spectre vulnerabilities secret.

Spectre and Meltdown undermine security mechanisms that are designed to prevent programs from retrieving data from a computer's memory at will. If these protections are bypassed, suitably crafted software can access memory areas belonging to other programs or the operating system that are supposed to be protected, and thus read passwords and crypto keys, for example.

According to "c't", the new attack scenarios are similar to the vulnerabilities that came to light last January. "However, one of the new vulnerabilities simplifies attacks across system boundaries so much that we classify the threat potential as significantly higher than with Spectre."

Providers of cloud services such as Amazon or Cloudflare and, of course, their customers are particularly affected, according to Jürgen Schmidt, security expert at "c't". "Passwords for secure data transmission are highly sought-after targets and are at acute risk from these new vulnerabilities." The concrete danger for private individuals and company PCs, on the other hand, is rather low because there are usually other, easier-to-exploit vulnerabilities. "Even if there is no reason to panic, the new vulnerabilities must be taken seriously."

It is not yet clear when the first bug fixes (patches) for the new Spectre vulnerabilities will be released. "Apparently Intel is planning two waves of patches," said Schmidt. "The first is due to roll out in May. A second is planned for August." Intel itself classifies four of the new vulnerabilities as high risk, while the risk of the other four is rated as "medium".

Overall, the new vulnerabilities show that Spectre and Meltdown were not one-off slip-ups that could be permanently plugged with a few patches. "However, a never-ending flood of patches is not an acceptable solution to the fact that Intel implemented performance optimizations twenty years ago without an adequate security concept," said Schmidt. He called for the CPU design to be fundamentally rethought in order to have a stable IT infrastructure.
