Meltdown, Spectre Chip Flaws: Who's Affected

Meltdown, Spectre Chip Flaws: Who's Affected

Do you trust that Intel has this problem under control?

What do I need to do?

Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. Patches for Windows devices are out now and the company is securing its cloud services, Microsoft said in a statement. Of course, mobile chip designer ARM has confirmed its vulnerability, but Google says the January 2018 security update is a first step.

It's important for all users to update their devices when new updates are released.

Intel says it has already issued updates for the majority of its processor products released in the last five years.

Hardware fixes are, by nature, much slower and more hard (and more expensive!) than software fixes.

What are these updates trying to fix? Spectre enables one process to access the memory space of another process, making data vulnerable to be read. But hopefully Intel has found a way to truly make its processors immune via software.

"The bug basically melts security boundaries which are normally enforced by the hardware", the researchers wrote.

Both Meltdown and Spectre reportedly could allow intruders to steal all of the data stored in the memory of a computer using one of the affected chips, but one is much easier to fix. The processors are found in virtually all modern phones, computers, and servers.

It's related to Meltdown, but differs in a number of ways that the researchers detail in a pair of technical papers. It's been identified on processors made by Intel, AMD and ARM, according to researchers.


But everything will be fine now, right?

The three lawsuits-filed in California, Indiana, and Oregon (PDF)-cite not just the security vulnerabilities and their potential impact, but also Intel's response time to them. In some cases, it might be possible to upgrade microcode-extremely low-level instructions that help implement more complex functionality on modern processors-to prevent Spectre attacks, and it may be possible to patch some software to reduce vulnerabilities.

To counter it, Google developed a binary modification technique called Retpoline that protects against the second variant (named Spectre) of the attack. The Meltdown flaw is less serious and can be patched by software that is already being released by numerous major computer operating systems.

The two hardware bugs discovered can be exploited to allow the memory content of a computer to be leaked. If the claims hold, it would mean Intel and others have avoided the catastrophic slowdowns that many had predicted. However, the researchers warn Meltdown can be used to access data from beyond the virtual machine - data from the host computer, or even inside other customers' virtual machines.

Operating system and software patches that address the exploits have already been released for Microsoft Windows, Google Android, the Linux operating system, Apple devices.

Why do these issues even exist?

Security experts have said highly regulated sectors of industry, such as government offices and public health institutions, are most at risk of compromise as a result of the chip security vulnerability.

Intel said it is working with other chipmakers, including AMD and ARM Holdings, to solve the issue.

Related:

Comments

Latest news

Terrorists plotted Christmas bomb after meeting Islamic State commander on Facebook
El-Hassan was said to have been well-aware of his plan after exchanging hundreds of WhatsApp messages and meeting in London. Judge Michael Topolski QC remanded them in custody and warned them they faced jail when they are sentenced next month.

Cleveland Browns release statement on 'Perfect Season Parade'
Excedrin donated almost $8,000, saying Browns fans didn't need another headache after what they've endured. Based on the size of the crowd and the responses, it appears Browns fans are making their voices heard.

BlackBerry Motion Lands In The US January 12th
It still runs Nougat for now, but BlackBerry is promising an update to Oreo sometime this year. There's now no word on the BlackBerry KeyOne Bronze Edition release date or price.

State Street Corp Maintains Stake in Exxon Mobil Corp (XOM)
On Monday, September 18 Franklin Robert Stuart sold $1.81 million worth of Exxon Mobil Corporation (NYSE:XOM) or 22,656 shares. They expect $5.93 EPS, up 15.37% or $0.79 from last year's $5.14 per share. (NASDAQ:ILMN) shares were sold by OSTADAN OMEAD.

WD Unveils New Storage Solutions For Consumers
Unfortunately, key details such as release date, it's actual name, and most importantly, pricing was not mentioned by SanDisk. The 256GB SanDisk Ultra Fit USB 3 .1 stick features a low-profile design, and is also available in smaller capacities.

Other news