Meltdown And Spectrehttp://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.htmlOn January 2, two new vulnerabilities were announced.
Theinitial details were that Intel’s processors having a new hardware issue. Google’sProject Zero team brought light to Meltdown and Spectre, after there discoveryMeltdown is an exploit that allows memory to be accessedfrom a program or application to another and the operating system. This givessomeone the ability to read system passwords, encryption keys, and othervaluable data directly from the system memory. Thus far, Meltdown has only beenfound on Intel CPU’s. This “bug” can be traced back to processorsmade in 1995. Meltdown is a simplistic attack to execute.
Thankfully, MacOS andthe Linux kernel have already been patched, and Windows is currently sendingout patches. The afore mentioned patches come with some performance loss though,this is dependent on the communication between the application and the kernel. Spectre is an exploit that is far more troubling. Spectre isable to access kernel memory used in other applications. Sadly, there isn’t asimple fix for this one. It’s speculated that a fundamental change to processorarchitectures is required.
The only upside is, Spectre is an extraordinarilycomplex exploit to execute and high knowledge levels of the targeted processoris required. Intel seems to be taking the brunt of this situation. These exploitsare classified as three variants. Spectre is only susceptible to Variants oneand two and not Meltdown, which is Variant three.
Intel is susceptible to allthree. AMD seems to be fairing far better. They have stated that they are not vulnerableto Meltdown due to patch incompatibility with their processors architecture.However, AMD is vulnerable to Variant one (Spectre). With the problems facing the computing world brought on byMeltdown and Spectre, the future is still unknown. How will this affect thefuture of processor architecture? How will security protocols be adjusted? But,not all is lost.
With current round of patches as well as future one, we canlook forward to keeping our data and information safe. It is also unlikely forthe average person to be affect given the nature of these exploits being a verytargeted attack. We should see more details about the total system effects frompatches and any new issues as they are discovered.