On January 2, two new vulnerabilities were announced. The
initial reports stated that Intel’s processors have a new hardware-based issue.
The discovery of these exploits, Meltdown and Spectre, were made by Google’s
Project Zero team.
Meltdown is an exploit that allows memory to be accessed
from a program or application to another and the operating system. This gives
someone the ability to read system passwords, encryption keys, and other
valuable data directly from the system memory. Thus far, Meltdown has only been
found on Intel CPU’s. This “bug” can be traced back to processors
made in 1995. Meltdown is a simplistic attack to execute. Thankfully, MacOS and
the Linux kernel have already been patched, and Windows is currently sending
out patches. The afore mentioned patches come with some performance loss though,
this is dependent on the communication between the application and the kernel.
Spectre is an exploit that is far more troubling. Spectre is
able to access kernel memory used in other applications. Sadly, there isn’t a
simple fix for this one. It’s speculated that a fundamental change to processor
architectures is required. The only upside is, Spectre is an extraordinarily
complex exploit to execute and high knowledge levels of the targeted processor
Intel seems to be taking the brunt of this situation. These exploits
are classified as three variants. Spectre is only susceptible to Variants one
and two and not Meltdown, which is Variant three. Intel is susceptible to all
three. AMD seems to be fairing far better. They have stated that they are not vulnerable
to Meltdown due to patch incompatibility with their processors architecture.
However, AMD is vulnerable to Variant one (Spectre).
With the problems facing the computing world brought on by
Meltdown and Spectre, the future is still unknown. How will this affect the
future of processor architecture? How will security protocols be adjusted? But,
not all is lost. With current round of patches as well as future one, we can
look forward to keeping our data and information safe. It is also unlikely for
the average person to be affect given the nature of these exploits being a very
targeted attack. We should see more details about the total system effects from
patches and any new issues as they are discovered.