nytimes[.]com/2019/11/12/technology/intel-chip-fix.html?smid=tw-nytimes&smtyp=cur
Note: you can't use a web browser in privacy mode to read the article.
All of the vulnerabilities stem from a single issue with the way Intel processors handle data.To save time, the processors perform certain functions they anticipate they will need to perform, and store the processed data. If the function is aborted and the data isn’t needed, it remains in the system for a brief period.
The vulnerabilities would let someone extract the data while it’s being processed or while in storage. Each of the variants the researchers discovered provides another way for attackers to extract the data.
“There’s one real problem and then there are many variants,” Mr. Bos said.
The security researchers have up to now been cooperating with Intel, not publishing the flaws they've found while Intel develops fixes. They feel that Intel is taking the wrong approach, patching each variant of the flaw rather than addressing the core vulnerability, while ignoring some of the info they've passed on. That, and the fact that knowledge of this flaw is becoming more common outside the group of researchers, led them to go public. Intel of course has been painting a rosier picture for PR, implying each time a fix is released that that's it, everything's better now. That said, the seriousness of these vulnerabilities is probably somewhere in between Intel's saying it's not so bad, and the researcher's darker picture. Most users are more likely to notice performance hits because of the fixes, and some risk when/if firmware updates are pushed out -- updating the firmware can brick a device when things go wrong.