I indeed did not understand it right. There are currently three demonstrated
ways to do a Spectre attack. AMD is quite fine ("near zero risk") after a
kernel patch solves one of these ways (which can therefore be solved through
a software update, unlike the other ways):
https://www.amd.com/en/corporate/speculative-execution
However, https://spectreattack.com/spectre.pdf says:
Further attacks can be designed by varying both the method of achieving
speculative execution and the method used to leak the information. Examples
of the former include mistraining return instructions or return from
interrupts. Examples of the latter include leaking information through
timing variations or by generating contention on arithmetic units.
It looks like all modern processors (including AMD's) will be at risk.
Without a way to solve the problem through software updates.
Well, in each case it would appear that exploiting spectre is quite tough and
to my understanding nowhere near as grave as meltdown.
Well, Meltdown is grave (any data in the RAM can be read at a rather high
speed)... but can be solved once and for all with the KPTI patch (accepting
performance regressions). A Spectre attack only allows to read data in the
kernel space (but there are private keys there!) at a slower speed (50 times
slower than Meltdown according to the original publications). Nevertheless,
it basically affects all processors in use and cannot be entirely solved by
software update. In the medium/long term, it looks far more problematic than
Meltdown: to be immune, everybody will have to throw their current hardware
and spends money on a newer processors that do not exist yet!