Computer Help and Support

Processor flaw exposes 20 years of devices to new attack

Chipocalypse now

By Russell Brandom@russellbrandom Jan 3, 2018, 5:23pm EST

All week, the tech world has been piecing through rumors of a potentially catastrophic flaw in an entire generation of processors — but with all developers subject to a non-disclosure agreement, there were few hard facts to go on.

Now, new details have emerged on how severe and far reaching the vulnerability truly is. ZDNet and the New York Times are reporting that two critical vulnerabilities — dubbed “Meltdown” and “Spectre” — affect nearly every device made in the past 20 years. The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. The result, one researcher told ZDNet, is that "an attacker might be able to steal any data on the system.”

The researchers have created a website with more details on Meltdown and Spectre - https://meltdownattack.com/. Its FAQ, like many security-related FAQs, is simultaneously comforting and hair-raising. It starts with “Am I affected by the bug? Most certainly, yes.” It notes that there are patches for Meltdown for Windows, Linux, and macOS. It also notes that that Spectre, though harder for a hacker to implement, is more problematic: “As it is not easy to fix, it will haunt us for quite some time.”

Intel chips have been at the focus of initial research and subsequent reporting on the vulnerability, although it remains unclear whether non-Intel chips could be susceptible. In a public statement, Intel said “many different vendors’ processors and operating systems... are susceptible to these exploits.” AMD has denied any of its processors are vulnerable, although Google researchers say they’ve demonstrated a successful attack on AMD’s FX and PRO CPUs. ARM has also confirmed that its Cortex-A processors are vulnerable.

-snip-