Meltdown and Spectre flaws

Meltdown and Spectre flaws are hardware vulnerabilities that affect most computer chips manufactured in the past 20 years. Meltdown and Spectre flaws were revealed through published research at the beginning of 2018. The flaws affected the weaknesses in how processors manage data in chips from large manufacturers such as AMD, Intel and ARM. Meltdown and Spectre exploits may allow hackers to gain access to data such as passwords, photos, emails and other similar data.

Even though some software patches have been introduced to minimize their effect, Meltdown and Spectre flaws have many variants. The vulnerabilities are possible because CPUs can execute instructions out of order, which accelerates processing speeds. An attacker can exploit speculative execution and caching techniques a computer uses to read a systems memory and gain access to unauthorized data. These flaws also work on the cloud, meaning that attackers can gain access to multiple end-users in a public cloud setting if the chips are vulnerable.

Differences between Meltdown and Spectre

Meltdown and Spectre flaws are different attacks of the same vulnerabilities. The Meltdown flaw breaks the isolation between user applications and the operating system (OS), allowing the attack to gain access to system memory and other applications in the OS. As an example Meltdown affects processors such as Intel x86 microprocessors as well as other ARM and IBM processors.

The Spectre flaw operates a little differently, where it will just break the isolation between applications; allowing an attacker to gain access to data from those applications. These attacks are harder to execute but are also more difficult to prevent against and works on mostly every type of computer chip.

Meltdown and Spectre flaws today

Soon after the security flaws were made public, patches were released for the processors. Companies such as Microsoft, Apple, Google and Intel began providing patches to Windows, Linux and OS X platforms. Most cloud vendors have also patched their servers. Because the flaw exists on the hardware level, these issues cannot be patched to get rid of them entirely, however, most patches have a workaround for most issues. Some patches, such as a patch to the Linux OS core, slowed down the system so much that they were removed.

Users should still be sure to keep their computers browsers and browsers up-to-date. Users should also be aware that older OSs such as Windows XP will most likely not be patched.

Since the original two flaws’ publication, there have been at least two dozen of variations on the Meltdown and Spectre, such as Speculative Store Bypass, Rogue Data Cache Load or Branch Target Injection.

New CPUs in 2019 are being made from leading CPU manufacturers are being constructed to protect against Spectre and Meltdown flaws, but some of them may not be resilient to the newer variations on the two basic flaws.

This was last updated in May 2019

Continue Reading About Meltdown and Spectre flaws

Dig Deeper on Platform security