CPU security flaws – Meltdown and Spectre: Everything you should know
Intel, AMD and ARM processors have design flaws
‘Chipgate’ quickly became a hot topic after security researchers published information about a design flaw affecting all modern processors from the past 20 years. Microsoft and other software/hardware makers said that new updates will be rolled out to fill the security hole, but they may have an impact on the performance. There are two critical vulnerabilities related to the Kernel memory, called Meltdown and Spectre.
Meltdown is easier to exploit than Spectre, and there is already a fix for this bug. It mainly affects Intel processors, while ARM and AMD devices are less exposed to risk of attacks. Spectre, on the other hand, affects all processors, it’s harder to exploit, but there is no fix for it.
According to the Graz University of Technology and the website https://meltdownattack.com/
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate
Microsoft, Apple and Google have already patched Meltdown in new updates of the operating systems, so you should be completely safe if you keep the device up to date. At the time of writing, a fix for Spectre is not available, but if you download apps and programs only from trusted sources, you are fine.
After all, Chipcate shows how vulnerable to attacks our gadgets are. That’s why you should think twice before buying a new device, and always update it to the latest software.