In the past few weeks, the entire information security industry has grown very anxious about Meltdown and Spectre, two classes of exploits that can be used to manipulate vulnerabilities in the way many varieties of modern processors (but especially Intel ones) handle a performance-improving technique called speculative execution and extract hidden system data. While numerous platforms have rushed to roll out patches, and Meltdown appears to be less of an issue than Spectre, it's still unclear just how badly this situation could go.
Tagged With meltdown
The disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018 was in many ways unprecedented. It shocked – and scared – even the experts.
The vulnerabilities bypass traditional security measures in the computer and affect billions of devices, from mobile phones to massive cloud servers.
We have, unfortunately, grown used to attacks on computer systems that exploit the inevitable flaws resulting from vast conceptual complexity. Our computer systems are the most complex artefacts humans have ever built, and the growth of complexity has far outstripped our ability to manage it.
In the wake of Spectre and Meltdown, every major computing company is scrambling to try to find a way to fix, or at least address, the widespread security vulnerabilities at hand. And while things haven't been going great over in the Microsoft camp after the company had to pull its latest security patch, today Google is trying to shore up systems running Chrome OS with a new update, version 64.
It's been nearly a month since The Register first revealed that every single major processor in devices today is subject to a series of harrowing security vulnerabilities known as Spectre and Meltdown. Today, in light of news that Intel informed foreign interests of the vulnerabilities before the US government, and that Microsoft is pulling its latest patch from Intel due to some heinous bugs, we thought we'd revisit the saga and what you can (and cannot) do to protect your data.
Linux progenitor Linus Torvalds has already shared his feelings regarding the bungles of Spectre and Meltdown. They weren't happy ones. Now that patches are available, Torvalds is even less impressed, describing Intel's effort as "complete and utter garbage".
Earlier this month Intel released a patch for Spectre and Meltdown, the devastating vulnerabilities affecting every modern Intel processor. The patch wound up causing another problem: It led some PCs to reboot unexpectedly. Now, Intel says it's identified a fix for its fix, according to Intel executive Navin Shenoy.
Like every major tech company, Microsoft has been pushing out updates to help mitigate the unprecedented vulnerabilities known as Meltdown and Spectre. But some Windows users found that the update rendered their PCs unusable, and now Microsoft has paused the update in some cases until it can fix the problem.
Security professionals had an "oh crap" moment last week when two gaping vulnerabilities were discovered in the bulk of modern microprocessors. The first issue, dubbed Meltdown, was more or less taken care of in a previous Apple update. But now, Apple has released a fix for the second issue, Spectre.
Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google's Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory -- which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.
This week, news of massive security vulnerabilities afflicting every modern model of Intel processor went public, even as developers for practically every major platform frantically rushed to roll out fixes. Much more information has now become available about Meltdown and Spectre, a group of attack methods malicious parties could use to break into some of the most sensitive inner workings of any device using the affected CPUs.