Massive security flaw detected in recent generations of CPUs

Adjust Comment Print

According to Google, this affects all chip makers, including those from AMD, ARM and Intel (although AMD has denied they are vulnerable).

Meltdown and Spectre were identified by researchers at Google's Project Zero security team earlier this week, and could allow hackers access to all files within an affected device.

While Spectre affects devices using chipsets from three leading chip manufacturers, Meltdown affects Intel-powered devices in particular and threatens devices manufactured over the past two decades.

The company originally made a decision to disclose the bug next week, but opted to release a statement on Wednesday to address what it considered to be inaccurate media reports.

This has significant implications for multiple laptop and hardware brands, given the common usage of Intel's technology. These hardware bugs allow programs to steal data which is now processed on the computer.

"Programs can, for example, find passwords that are stored in other programs", he said. The said flaw could leave users' PCs exposed to cyber attacks, which will let hackers have access to sensitive or personal data inside the computer.

However, there is no evidence that any hackers have taken advantage of this - yet.

The report notes that if all you do is play games on your computer, then the PC won't see a slowdown because the software rarely jumps to the kernel.

"Retpoline" sequences are a software construct which allow indirect branches to be isolated from speculative execution.

If the processor guesses incorrectly, they do not apply the changes and continue from where they began, but traces of what the processor was trying to do remain.

Song of Norway To Trump: Fight Climate Change
Trump's meeting with Prime Minister Erna Solberg at the White House is the first foreign leader visit with the president in 2018. The president said he had no problem with agreeing to a climate deal but the Paris accord was " a bad deal ".

While this data is supposed to be protected, researchers found some instances when the processor would leave the data exposed during the process.

Meltdown and Spectre exploit critical vulnerabilities in modern processors.

Furthermore, "Intel believes these exploits do not have the potential to corrupt, modify or delete data".

The good news is that if you are using Google Apps/G Suite, you don't need to take any action.

"We assume that's secure, but what this shows is that we can't necessarily make those assumptions". Processor manufacturers will have to release their own updates to completely plug the security flaw.

How might it affect you?

The research report said there are patches against Meltdown for Linux, Windows and OS X, and technology companies are reportedly issuing updates to fix the problem.

Google has already addressed the bug in Android phones with the January 5 security update for the operating system. In the meantime, Intel put out software and firmware updates to deter further threats.

An Amazon spokesperson directed customers to a statement detailing its security patches.

Microsoft did not immediately respond to a request for comment.

Comments