Jump to content

Spectre and Meltdown: Details you need on those big chip flaws


RV_
 Share

Recommended Posts

Design flaws in processors from leading chipmakers could let attackers access sensitive information. How did this happen, and what's the fix?

Excerpt:

"Processors are vital to running all our computerized devices, even if we hardly ever think about them. That's why it's a big deal that they have major vulnerabilities, such as Spectre and Meltdown, that leave them open to hacking attacks.

As they run all the essential processes on your computer, these silicon chips handle extremely sensitive data. That includes passwords and encryption keys, the fundamental tools for keeping your computer secure.

The Spectre and Meltdown vulnerabilities, revealed Wednesday, could let attackers capture information they shouldn't be able to access, like  those passwords and keys. As a result, an attack on a computer chip can turn into a serious security concern.

So how did this happen? And what will chip companies like Intel, Arm and AMD (and the hardware makers that put the chips in their products) do to fix the problem? Here's what you need to know:

What are the vulnerabilities?

Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU, or central processing unit. In both cases, attackers could see data that the processor temporarily makes available outside of the chip.

Here's why that happens: To make computer processes run faster, a chip will essentially guess what information the computer needs to perform its next function. That's called speculative execution. As the chip guesses, that sensitive information is momentarily easier to access.

One flaw, Spectre, would let attackers trick the processor into starting the speculative execution process. Then attackers could read the secret data the chip makes available as it tries to guess what function the computer will carry out next.

The other flaw, Meltdown, lets attackers access the secret information through a computer's operating system, such as Microsoft Windows or Apple's High Sierra.

Security experts refer to these sorts of incursions as side-channel attacks, because they access information as it's being used by a legitimate process on the computer. 

What are tech companies saying and doing about this?

Intel CEO Brian Krzanich says the problems are well on their way to being fixed, at least in the case of Intel-powered PCs and servers. Intel said Thursday that 90 percent of chips released in the last five years will have fixes available by the end of next week and that for chips up to 10 years old, fixes will be released in the coming weeks.

Microsoft on Wednesday released patches for the Windows operating system and its Internet Explorer and Edge browsers, but warned that your antivirus software needs to be updated to support those patches.

Apple said that it has released mitigations for the Meltdown flaw for the operating systems on its Mac computers, Apple TVs, iPhones and iPads, and that neither Meltdown nor Spectre affects the Apple Watch. Apple also said Thursday that it will release patches "in the coming days" for the Safari browser to help defend against Spectre exploits and that it will continue to release patches in future updates of its iOS, MacOS and TVOS software.

Which chips are affected?

A number of chip designs from Intel, Arm and AMD are susceptible to one or more variants of the attacks. The issue is so widespread because those chips, used in devices made by Apple, Google, Microsoft, Amazon and others, all share a similar structure.

What's more, the flaws don't just affect personal computers -- Meltdown also affects servers, the backbone of all major cloud services. So yes, Amazon Web Services and Google Cloud are susceptible to the problem, too. Google said it has secured all its affected products, and Amazon said it would finish securing all affected products on Wednesday."

MUch more in the article including hot links to further explanations, brand specific links and a whole lot more here:

https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-processor-cpu-chip-flaw-vulnerability-faq/?ftag=CAD1acfa04&bhid=20640562413884385817807471581031

 

 

 

Edited by RV_
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...