Meltdown and Spectre vulnerabilities
Meltdown and Spectre are two CPU flaws that are making headlines around the globe. They are hardware vulnerabilities at the architecture level; they affect software programs and expose them to dangerous attacks. Malicious code can exploit the Meltdown and Spectre vulnerabilities to get hold of secrets stored in the memory of software programs. The flaws also allow programs to steal data that is processed on the computer. This includes your passwords stored in a browser, photos, emails, instant messages, and business-related data and documents.
Meltdown affects personal computers, laptops, cloud computers and Intel processors. It works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Spectre affects Intel, AMD and ARM processors, mobile devices and embedded devices.
These vulnerabilities sit at the processor layer, so the processing capabilities of the entire system are affected. This includes hardware, operating systems, hypervisors and applications. The patches therefore have to be thoroughly tested before they are rolled out to a production environment.
Product Patches for Meltdown and Spectre
The following vendors impacted by these vulnerabilities have announced product patches so far.
Microsoft has released operating system patches from Windows 7 onward. It has also released patches for the company’s browsers, Internet Explorer and Edge.
Apple released patched versions of its operating systems and Safari browser.
Google’s Chrome browser has a patch that will be released this month, close to January 23.
According to the latest news, Intel released a patch to fix these issues, but the patch is causing rebooting issues on some Broadwell and Haswell platforms. Intel has advised users to skip the patches and await a better fix. Linus Torvalds, the founder of Linux, has criticized Intel’s attitude to these fixes. He was quoted as saying “the patches are COMPLETE AND UTTER GARBAGE.”
Due to the inherent design flaw, there is outrage within and outside the security community. This in turn has forced chip developers to go back to the drawing board for their new chips. The coming months will be crucial for chip developers, as they will be under tremendous scrutiny from all quarters, including the security researchers themselves.