How a key design flaw in CPU hardware led to the discovery of a devastating gap in computer security and how designing a patch can help fix the problem
What are Meltdown and Spectre?
In December 2017, separate research teams all found the same design flaw in CPU hardware and this flaw, a gap in basic security, led to the subsequent discovery of CPU vulnerabilities now known as Meltdown and Spectre. These hardware bugs expose your computer’s operating system and the processes on your computer to “cache side-channel attacks” which can lead to the leaking of sensitive data (passwords, emails, etc.) as well as privilege escalation.
More specifically, Meltdown provides attackers with access to the memory of your operating system and other programs while Spectre tricks programs into leaking your personal information.
Are You Affected?
According to Project Zero at Google, one variant of Meltdown and two variants of Spectre can affect modern processors produced by Intel, AMD and ARM. These variants can also affect phones and tablets. In other words, you are most likely at risk.
How Do We Fix the Problem?
The impact of Meltdown and Spectre is so wide-reaching that the United States Computer Emergency Readiness Team (US-CERT) issued a vulnerability note (VU#584653) and an alert (TA18-004A) listing affected vendors, impact, and solutions to move forward. One such solution to the potentially overwhelming problem created by these two bugs is the use of a patch. A patch is, simply put, a piece of software created to fix bugs in a computer system. While designing a patch may not always be an all-encompassing solution for every hardware vulnerability, it is the best way forward for now. There are patches against Meltdown for Windows, OS X and Linux, and there is an effort to harden software against Spectre.
Our web servers have been updated to help prevent against this vulnerability however it’s very important to ensure that these are applied to local desktop and server operating systems.
What Are Your Next Steps?
We know that not everyone is able to quickly identify hardware vulnerabilities and fix them with patches or other solutions. That’s where IQComputing can help. Contact our team at 636-594-5552 for more information on Meltdown and Spectre or for questions about how to protect your devices from these hardware bugs.