2018 hasn’t got off to the best of starts from a cybersecurity aspect with the news that processing chips from Intel, AMD and ARM are susceptible to previously unknown vulnerabilities contained within them. This could affect millions of machines across the globe. However, as it stands there are no reports of an attack owing to these vulnerabilities.
With names straight from an Ian Fleming novel, Meltdown and Spectre are the saboteurs in question. Meltdown seemingly only affects Intel chips, while Spectre could be pervasive across every system.
This image from tom’s Hardware explains who they are:
From the horse’s mouth
Intel Responds to Security Research Findings
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Media coverage
PC World report that Intel “expects to have patched 90 percent of its processors that it released within the last five years”.
Intel responds to the CPU kernel bug, claiming its patches will make PCs ‘immune’
Intel said the patches for the CPU vulnerability, due next week, would bring a negligible performance hit to the average user. Claiming that the patches can make PCs “immune” from the vulnerabilities is a first, though.
CNN interviews Bryce Boland, FireEye Cyber Security expert. Computer chip flaws impact billions of devices.
PC World report that Intel “expects to have patched 90 percent of its processors that it released within the last five years”.
Intel responds to the CPU kernel bug, claiming its patches will make PCs ‘immune’
Intel said the patches for the CPU vulnerability, due next week, would bring a negligible performance hit to the average user. Claiming that the patches can make PCs “immune” from the vulnerabilities is a first, though.
And Mashable UK reports the seriousness of the CPU bugs
This reported Intel CPU bug is really bad news for everyone
A vulnerability found by security researchers in Intel processors manufactured over the last ten years is poised to wreak havoc on the world of computing. And the fix? Well, it might not be pretty.
What does that mean? Well, if you’re running Windows, Linux, or macOS, something as simple as the JavaScript in your browser could theoretically gain access to the area of your computer that protects passwords.
How have the Tech giants responded?
All the major firms have now released information on their updates and patches to prevent “chip-level security vulnerabilities”. Here are the releases from:
Microsoft – This update includes quality improvements. No new operating system features are being introduced in this update.
Google discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.
VMware – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
Apple – All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.
AWS – All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed.
