Meltdown and Spectre: The CPU bugs that can affect almost every computer and device

CIOL Writers
New Update
Microsoft offers bounty upto $250,000 to prevent attacks similar to Spectre and Meltdown

Researchers have found a major security flaw in processors that affects almost every Intel, AMD and ARM chipset as well as the devices and operating systems running on them.


The direct fall out of the vulnerability are 'Meltdown' and 'Spectre'- two new ways for hackers to attack these processors. "These hardware bugs allow programs to steal data which currently processed on the computer," researchers say. "While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs."

Though both Meltdown and Spectre are based on the same general principle, the former allows malicious programs to gain access to higher-privileged parts of a computer's memory, while latter steals data from the memory of other applications running on a machine. While Meltdown is limited to Intel chips, according to the researchers, Spectre attacks have been verified on AMD and ARM processors, as well.

It is important to note that almost every PC, laptop, tablet, and smartphone is affected by the security flaw, regardless of which company made the device or what operating system it runs. And the problem could affect much more than just personal devices. The flaw potentially could be exploited on servers and in data centers and massive cloud computing platforms such as Amazon Web Services, Microsoft Azure, or Google Cloud.


In an official statement, Intel noted that "these exploits do not have the potential to corrupt, modify, or delete data," though they do have the ability to spy on privileged data. The statement also argued that "many types of computing devices—with many different vendors’ processors and operating systems—are susceptible to these exploits," mentioning that it is "working closely with many other technology companies, including AMD, ARM and several operating system vendors, to develop an industry-wide approach to resolve this issue".

Interestingly, AMD has denied that its processors are affected, saying that there was a “near zero risk to AMD processors” at the present.

Importantly, fixes are already being rolled out for the vulnerability.Because the bug allows normal user programs to access the protected memory in the kernel, Linux programmers have been separating the kernel's memory away from user processes in what’s being called “Kernel Page Table Isolation.” But the fix is said to be causing system slowdowns.

AppleInsider reports that Apple has already deployed a partial fix for the security bug in macOS 10.3.2, which was released last month. Meanwhile, Linux and Microsoft developers are still in the process of deploying their respective fixes.

cyber-security security