Re: Yes, that's what a Spectre attack is
It has been a suspected vulnerability for a long time. There is a huge difference in the two. And "for a long time", I mean "nearly 20 years". And by "suspected", I mean "taught in every serious CS major".
Now, follow me here. Suppose you are an ambitious graduate student. You know that the worlds #1 supplier of CPUs has as their flagship product a processor which has characteristics that the theory categorically states is vulnerable to this sort of attack. What do you do?
The fact that this vulnerability was not identified (that we know of) until last year when 90% of the graduate students and professors of CS for the last twenty years had every reason to believe that it was out there and more than a little motivation to go after it should tell you something about just how hard it is to track down this class of bug without a roadmap.
And go ahead an throw in select teams at IBM, AMD, and, yes, Intel who would be looking for these if for no other reason that to not be caught flat-footed if someone from one of the OTHER companies made an announcement. Much smaller group, but they would have much better tools at their disposal.