Two flaws have been identified by researchers: Meltdown, which is believed to affect most Intel CPUs produced over the last 20-plus years, and Spectre, which affects processors produced by multiple companies, including Intel, AMD, and ARM.
Meltdown affects laptops, desktop computers and internet servers with Intel chips. The bounds check bypass can be exploited on Intel, AMD, and ARM processors without privilege escalation, allowing programs to read memory addresses inside their own processes. ” This protected kernel memory includes access to passwords, encrypted information and other crucial data, and Meltdown exploit can be used to access this, putting the user at risk”. However the biggest point of difference is the specific processors affected by each attack.
But the downside is that there isn’t really a permanent solution at the moment, meaning hackers could have plenty of time to figure out a way in.
It is important to note that Meltdown and Spectre generally represent hardware-level flaws.
Three class action complaints have been filed against Intel over the Meltdown and Spectre CPU security flaws that were discovered by researchers earlier this year and widely publicized earlier this week.
According to one of the report’s authors Dr Yuval Yarom, researcher at the University of Adelaide and Data61, the exploits could allow computer programs to access data they should not be allowed to see.
However, users with third-party anti-virus or security software should also check that this has been updated first, in order for the Windows Update process to install the patch.
Microsoft started to push out a patch for the vulnerability for Windows 10 computers on Wednesday afternoon.
According to Intel, the “performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time”.
Intel and ARM on Thursday both announced their intent to release a patch as soon as possible that would purportedly close the hole through an update to their operating system.
Google said in a blog post on its security blog that it shared a new fix, called Retpoline with its partners which fixes one of the Spectre vulnerabilities (CVE-2017-5715). The Register, a tech news site based in the United Kingdom, reported Tuesday that a vulnerability existed.
“We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS”.
Intel Corp. confirmed a report saying that its chips contain a feature that makes them vulnerable to hacking, though it said other companies’ semiconductors are also susceptible. The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors.
Hardware fixes are, by nature, much slower and more hard (and more expensive!) than software fixes.
“Meltdown and Spectre exploit critical vulnerabilities in modern processors”.
Advanced Micro Devices said “there is near zero risk” to its processors because of differences in the way they are designed and built. Additionally, the aggregate effect of performance regressions as a result of patching means longer processing time for tasks, and higher cloud computing costs.
The good news: The vulnerabilities provide new avenues for hackers to mount attacks, but analysts say doing so is not straightforward.
Users of the Linux operating system can already download an update, while Microsoft is gradually pushing out fixes for Windows users. While software vendors like Microsoft, Apple have patched their operating system for PCs including open-source Linux operating system, the question remained about the security of gaming consoles.
Google also released an update for Android that should help limit such attacks.
Intel did not respond to request for comment.