Down to brass tacks:
- AMD and ARM CPU's are not affected
- Is "speculative" - i.e. this means it's hard to actually exploit, but doable, similar to the SPECTRE and Meltdown attacks.
- Intel has already been informed about the vulnerability
- Researchers are quoted as saying that Spoiler "is not something you can patch easily with microcode without losing tremendous performance"
- Intel also is quoted as saying the following:
"Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."
I think AMD's advantage is being vastly overstated here, particularly in the Forbes article - but it's not something to be ignored with this particular vulnerability. I find it shady as fuck that Intel is asking vendors not to post their before-and-after-the-patch benchmarks for their CPU performance. Just patch the vulnerability and move on. I kind of wish Intel would do trade-in offers for vulnerable CPU's so that you can get one with the vulnerability patched on the hardware end for a lot cheaper.
The fact that many of these vulnerabilities target Intel, though, do have a bit to do with Intel's vulnerability bounty program - something that any sane company would want to implement to help keep their products secure. So keep in mind that while AMD vulnerabilities don't make the news as often as Intel does, that doesn't mean you're automatically safe just by using them. However - if you listen to the greedy assholes on money networks, then it is true that Intel is being feared more by investors who are dumping stock in favor of AMD as a result of this, and consumer fears will be equally matched.
You, as a regular user, don't have a lot to worry about unless you are actively making use of restrictive user accounts to contain possible damage by malware or other users on your system. Or if you're the type who believes that patching is for losers, but then you have much more serious things to worry about anyway than speculative execution exploits. (In other words - keep your browser and OS up to date!) However - people running public-facing servers have a lot more to be concerned about with this vulnerability - especially websites that are on shared or cloud storage providers.
Further reading: (Note - these sites have not been tested without an ad blocker - proceed with care)
