It's been over 15 months since the Spectre and Meltdown processor vulnerabilities were revealed to software and hardware makers and close to a year since they were made known to the wider public. The weaknesses, which allow malware to potentially access data from within a wide variety of CPUs, might not have caused computing armageddon but researchers are finding new flaws in processors affected by these issues.
Intel has announced that another flaw in their processor architecture has been identified. Dubbed "Variant 4", the Speculative Store Bypass may allow unauthorised disclosure of information by allowing memory to be read without appropriate permissions. The flaw was reported to Intel by researchers from Google's Project Zero and the Microsoft Security Response Center.
Intel has issued a statement saying several processor families will not be patched to overcome Variant 2 of the Spectre bug that was detected mid last year and made public just before Christmas. While the processor company has patched many of their processors, the road has been quite bumpy, with some of the fixes making systems unstable, resulting in spontaneous reboots. But now, it seems some of the CPUs that were going to be patched have been thrown into the too-hard basket.
The disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018 was in many ways unprecedented. It shocked – and scared – even the experts. The vulnerabilities bypass traditional security measures in the computer and affect billions of devices, from mobile phones to massive cloud servers.
We have, unfortunately, grown used to attacks on computer systems that exploit the inevitable flaws resulting from vast conceptual complexity. Our computer systems are the most complex artefacts humans have ever built, and the growth of complexity has far outstripped our ability to manage it.
Uninstalling an update that addresses a security vulnerability like Spectre or Meltdown sounds like a bad idea. But if the alternative is a PC that constantly crashes, you might be happy to take the small risk in exchange for stability. For Windows users, Microsoft now offers a patch that reverses Intel's microcode fix, but you won't find it via Windows Update.
Researchers at malware and security software testing company AV-TEST have discovered 139 samples of malware that "appear to be related to recently reported CPU vulnerabilities." Although most of the samples they discovered seem to be based on proof-of-concept software created by security researchers, the number of unique samples is on the rise.
Linux progenitor Linus Torvalds has already shared his feelings regarding the bungles of Spectre and Meltdown. They weren't happy ones. Now that patches are available, Torvalds is even less impressed, describing Intel's effort as "complete and utter garbage".
Worried about protecting yourself from the security exploit that is Spectre? Well if you already downloaded Intel's update patching the flaw, be prepared to download another one soon. Intel's software fix is the cause of some random rebooting issues users are running into, and the company is urging consumers and manufacturers to hold off on distributing the current update until the update is, uh, updated.
Earlier this month, computer security experts dropped a bombshell on the internet. A pair of vulnerabilities titled Spectre and Meltdown that date back to 1995 were putting a wide variety of computers, smartphones and internet browsers at risk.
While lists are available to show you what platforms are affected by Spectre and Meltdown, it'd be nice if you could just run a tool and have it tell you what you're protected against. For Windows users, SpecuCheck is one such option.
Spectre and Meltdown continue to be a major issue for Intel as it also scrambles to deal with a vulnerability in the Intel Management Engine BIOS Extension. But Google says its fix for CVE-2017-5715 (commonly called Variant 2 of Spectre) can fix the problem with negligible impact on system performance, contrary to Intel's fix.
You're running Windows 7 on your AMD machine, heard about Meltdown/Spectre and did the right thing by updating your OS. And then your PC starts BSODing or worse, fails to boot at all. Fortunately, you don't have to reformat if you can access the recovery console or have your system rescue disc handy.
Intel has been working with the industry to develop and distribute software and firmware mitigations for Spectre and Meltdown. The company says that although they don't have information that these exploits have been used to obtain customer data, they now have additional data on the impact on some client platforms.
Spectre and Meltdown are the collective names for three different vulnerabilities found in the processors powering a vast number of the computing devices we rely on, from desktop and notebook PCs through to smartphones and other gadgets. And while many people are aware that these vulnerabilities exist and that tech companies are doing their best to plug the leaky bits of code, many aren't really clear on what the problems are.
What follows is a plain English guide to Spectre and Meltdown.
The biggest tech news of the summer has, arguably, been the revelation that CPUs in a massive number of computer systems are susceptible to three different vulnerabilities. Two of these, CVE-2017-5753 and CVE-2017-5715, have been dubbed Spectre, with the third, CVE-2017-5754, given the Meltdown moniker. Tech companies around the world have been scrambling to provide mitigations to these vulnerabilities. Microsoft has provided some detail on what they've done and what performance impact you can expect.
While we were sleeping, Apple dropped an update for iOS users that addresses Spectre - the two vulnerabilities that make it possible for items in kernel memory to be available to user processes. Although there aren't any known exploits in the wild for this and the related Meltdown vulnerability, the update is an important one for all iOS users.