Chips compromised by Spectre and Meltdown bugs

      Comments Off on Chips compromised by Spectre and Meltdown bugs

Intel advertising sticker on new laptopBy now you’ve heard plenty about Meltdown and Spectre, but this article by Bleeping Computer goes into a bit more technological detail about the background to the bugs, how they might be resolved, and the potential harm they can cause.

Google has discovered that just about every Central Processing Unit (CPU) released in the last twenty years is vulnerable to exploits dubbed Meltdown and Spectre – affecting practically all chip vendors, operating systems, app makers and cloud providers. Laptops, desktop computers and internet servers with Intel chips are all at risk, suggesting that there are fundamental flaws in how computer chips are designed.

Meltdown takes out security boundaries normally enforced by the hardware. Spectre breaks the isolation between different applications, allowing an attacker to trick programmers into leaking their secrets. In addition to CPUs, Spectre affects desktops, laptops, smartphones and cloud servers. Intel CPUs, which have an 80% market share, are at risk from Meltdown. Attackers could potentially use the bugs to harvest data such as passwords, photos, emails, messages or documents.

So far, these flaws do not appear to have been exploited but now they are in the public domain, the risk level is far greater. The affected companies, a roll-call of tech heavyweights, have either already issued patches or plan to do so soon. As the bugs are a serious security threat, users should install the fixes as a matter of urgency – as and when they become available. Which may… take a while. Keep your eyes open for those.