January 4, 2018 by

‘Worst Ever” CPU Bugs Meltdown and Spectre Virtually Affect All Computers

Two major processor security flaws, dubbed “Meltdown” and “Spectre” affect everything from cloud computing to smartphones and PCs and virtually all devices manufactured in the past 20 years.

Upon discovering one of the flaws, Daniel Gruss of Graz University of Technology labeled Meltdown as “probably one of the worst CPU bugs ever found.” Both flaws were discovered by researchers at Google’s Project Zero alongside academics and industry researchers from a number of countries.

Meltdown, specifically, is primarily thought to affect Intel processors manufactured since 1995 wherein the exploit allows hackers to circumvent the hardware barrier between the user’s applications and the computer’s core memory. In essence, Meltdown would lead to a change in the way the operating system handles memory to fix or run tasks with researchers predicting the speed of certain tasks could by up to 30%.

The other flaw, Spectre, affects most modern processors developed by all major manufacturers including Intel, AMD and ARM, allowing hackers to fool error-free applications into delivering secret information. Also known as ‘speculative execution’, the exploit allows malicious actors to read system memory that should have been inaccessible.

Google explains:

 For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

Both Intel and ARM insist that the exploits aren’t caused by design flaws, although admitting that users would require to download a patch and update their operating system to fix the concern.

“Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement. “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

Microsoft has issued an emergency security patch through Windows Update while a firmware update from Intel is also necessary for additional hardware protection.

As the Verge reports, here’s a quick checklist (step-by-step) to follow in order to begin the process of remedying the situation.

  • Update to the latest version of Chrome (on January 23rd) or Firefox 57 if you use either browser
  • Check Windows Update and ensure KB4056892 is installed for Windows 10
  • Check your PC OEM website for support information and firmware updates and apply any immediately

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Researchers Discover 119 Meltdown, Spectre Malware Variants in the Wild

Hundreds of malware samples that have taken advantage of the proof-of-concept (PoC) code for the...

Read more arrow_forward

Intel Scrambles and Fumbles to Issue Patch for Chip Flaws

Intel has reportedly advised computer makers and cloud service providers to refrain from using Intel...

Read more arrow_forward

Meltdown, Spectre Bugs Bring More Grief to Microsoft, AMD Users

Microsoft has temporarily paused issuing patches to the Metldown and Spectre vulnerabilities for AMD...

Read more arrow_forward