Google reveals CPU security flaw Meltdown and Spectre details
Related thread: Major flaw in millions of Intel chips revealed
______________________________________________________________________
Source: Slashgear
Chris Davies - Jan 3, 2018
Google has revealed its Project Zero findings on the speculative execution security flaws that have sent processor-makers into a tailspin today. The issue which had initially been circulating as an Intel processor flaw, but which it now appears affects chips from multiple manufacturers is, in fact, a number of vulnerabilities that exploit critical aspects of many processors since 1995. Theyre generally being known as Meltdown and Spectre.
Meltdown is a failure of the isolation between the operating system of a computer, and the users applications. A successful attack allows a program to access the memory used by other programs and the OS. That, its suggested, could allow a hacker to extract sensitive data being used by other apps.
Spectre, meanwhile, does something similar only between different applications. Its also based on fundamental flaws in the processors, though researchers say its tougher to exploit than Meltdown. Conversely, while there are software patches that effectively block Meltdown attacks, currently its far harder to mitigate against Spectre. Indeed, while specific, known exploits can be patched against, thats not to say there wont be new variations in future.
Googles Project Zero researcher, Jann Horn, seemingly identified the speculative execution issues independently to other researchers. According to Google, the issue was initially intended to be disclosed on January 9th, 2018. However, because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation it has pulled the trigger early.
-snip-
Read more: https://www.slashgear.com/google-reveals-cpu-security-flaw-meltdown-and-spectre-details-03513512/
RKP5637
(67,112 posts)See >>> https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html
hunter
(39,011 posts)It depends upon the processor's internal algorithms and logic that performs speculative execution.
Basically, Intel has used the same logic and algorithms for speculative execution in its processors for many years now. It worked, it was fast, and they didn't see any reason to change it.
AMD processors are not so uniform. Many of them may indeed be immune to this sort of attack.
ARM processors are unlike any x86 processor, and most ARM processor families don't have this flaw. ARM has been forthcoming about which of its processor families are potentially vulnerable, those that do speculative execution in ways similar to Intel's processors.
The spin coming out of Intel could power a small city.
This is a good example of why diversity is important in any market or natural environment.