
On Jan 3, researchers at Google’s Project Zero revealed two new security exploits — codenamed Meltdown and Spectre — to the public. Computer manufacturers are now releasing patches to deal with the security threats, but warn of up to a 30 percent performance loss in certain machines.

What are Meltdown and Spectre?

Meltdown breaches security by abusing branch prediction and out-of-order processing. In branch prediction, the processor speculates on upcoming commands and executes them regardless of whether the command is actually issued. Out-of-order processing, on the other hand, allows CPUs to skip checks in processes. Both of these reduce latency at the cost of wasted processes. Attackers use this to their advantage by preventing access to arbitrary system memory. When a program is sufficiently slowed, the CPU continues its processes speculatively and only corrects errors several cycles later. This gives the attacker a window of opportunity to access vulnerable and potentially sensitive data. Additionally, it has the potential to affect processors from as early as 1995.

Spectre, on the other hand, tricks the processor into accessing arbitrary locations in the program’s memory. It is not dependent on specific features of the chipset. Rather, it attempts to train the processor’s branch prediction to leak sensitive information to the malicious program. While Meltdown is the more dangerous exploit, Spectre is the more widespread one. It is capable of affecting smartphones, tablets, laptops, consoles, and desktops alike.

Companies Respond to Meltdown and Spectre Security Threats

Microsoft and Linux have released quick patches to defend against Meltdown and Spectre. Microsoft is currently working on a January 9 patch for both exploits, and Linux is reworking its virtual memory systems. AMD and ARM have also developed software solutions to the threats. Meanwhile, Intel has released a statement regarding Meltdown, arguing that it has a chance of affecting processors made by other companies as well as its own. Apple later released a statement of its own, explaining the vulnerabilities of Mac and iOS devices to the exploits.

The embargo on all information regarding the attacks will lift on Jan 9.

Meltdown and Spectre Countermeasures See Drop in Computer Performance

Due to the patches to OS security, users may see drops in computer performance for affected platforms. Users may experience a performance deficit of up to 30 percent depending on the system and/or applications run. This drop will most likely be evident in enterprise-level software. Benchmark tests by Linux suggest that gaming computers only suffer from a minor performance loss. Additional technical information may be found at meltdownattack.com and in Google Project Zero’s blog post.
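To confirm that the countermeasures described above are actually active on a Linux machine, the script below (an added example, not part of the original article) reads the per-vulnerability status files that patched kernels expose under /sys/devices/system/cpu/vulnerabilities. The function names are illustrative, and a missing file is treated as "unreported" rather than safe.

```python
import os

# Patched Linux kernels report per-flaw status as one-line files in this directory.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# Entries relevant to this article: Meltdown and the two original Spectre variants.
ENTRIES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one sysfs status line to a (state, detail) pair."""
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("mitigated", text[len("Mitigation:"):].strip())
    if text.startswith("Vulnerable"):
        # The kernel may append a reason after a colon.
        return ("vulnerable", text[len("Vulnerable"):].lstrip(": ").strip())
    return ("unknown", text)


def read_status(base=SYSFS_DIR, entries=ENTRIES):
    """Return {entry: (state, detail)} for each requested status file."""
    result = {}
    for name in entries:
        try:
            with open(os.path.join(base, name), encoding="utf-8") as fh:
                result[name] = classify(fh.read())
        except OSError:
            # No file: the kernel may predate the interface, or this is not Linux.
            result[name] = ("unreported", "no sysfs entry")
    return result


def needs_attention(report):
    """Entries that are not confirmed mitigated or unaffected."""
    return sorted(name for name, (state, _) in report.items()
                  if state not in ("mitigated", "not_affected"))


if __name__ == "__main__":
    report = read_status()
    for name, (state, detail) in report.items():
        print(f"{name:12} {state:13} {detail}")
    print("needs attention:", ", ".join(needs_attention(report)) or "none")
```

On a patched system the `meltdown` entry typically reads `Mitigation: PTI`, which is the reworked virtual memory handling mentioned earlier.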

Load More By Jeremiah Catingub