
Isn’t the big performance hit because Intel wasn’t checking permissions where they should have? How is that not a shortcut? They skip a step for speed.



That’s Meltdown, not Spectre.

Meltdown arguably does fit your description, but AFAIK the cost of checking permissions in the right place is almost zero, so it’s arguably better described as “we never realized it would be dangerous to not check permissions here” than “we skipped the check for performance’s sake”. (AMD processors were not vulnerable to Meltdown.)

Spectre, on the other hand, is sort of an inherent flaw of speculative execution (not related to permissions checks). Speculative execution itself is definitely a shortcut, but it’s a shortcut that’s crucial to the performance of all modern high-performance processors, with the result that nobody really knows how to deal with Spectre. Intel was apparently hit harder than AMD by side channel mitigations collectively, apparently because Intel was doing more aggressive speculation – but those mitigations are only partial. Both vendors’ processors are still vulnerable to Spectre attacks even with mitigations applied [1], and that will remain the case even on future processors, for the foreseeable future.

[1] https://arxiv.org/abs/1902.05178


Contrary to popular sentiment, Meltdown is also not an Intel-unique bug; it also affected POWER and ARM processors.

AMD essentially got lucky on this one - their neural-network based branch predictor is difficult for an attacker to train to follow specific code paths, which is a necessary component of Meltdown/Spectre style attacks. Pretty much every other processor that does speculation is affected.

The potential for cache timing to serve as a side-channel leak was not widely appreciated in the industry, although it was theoretically described as far back as the early 90s.



