iGyaan Network

Tag: Meltdown

  • Intel Facing Multiple Lawsuits Over Chip Security Flaw

    Intel Facing Multiple Lawsuits Over Chip Security Flaw

    The last couple of days have been frantic for the tech community. Ever since Google released two documents detailing the security flaws in almost every CPU in the world right now, the consumers have patiently waited for a fix for their devices. Some, however, have decided to take matters into their own hands. Owners of Intel-based CPUs in Oregon, California and Indiana have sued Intel over the security flaws that have been highlighted in its chipset.

    They claim that the vulnerability in the chipset, which Intel learned about several months ago, make its chips inherently faulty. Intel has provided security patches ever since, but, the complaints raise concerns that these patches will hinder the performance of their computers and is not an adequate response to the serious issues raised against the company’s products.

    A couple of days ago, Google along with other security researchers released a couple of documents which chronicled the major security flaws in Intel, AMD, and ARM processors. The reason this flaw is much more complex than the usual software or hardware bugs is that it’s more than just a bug that can be fixed with an update. The flaw lies in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

    Google announced a fix for one Meltdown and Spectre vulnerability each and claimed that these fixes won’t result in system slowdowns which was feared by many.

  • Google’s Fix For Spectre And Meltdown Won’t Cause Significant Slowdowns

    Google’s Fix For Spectre And Meltdown Won’t Cause Significant Slowdowns

    A couple of days ago, Google along with a few other security researchers conceded that almost all the CPUs currently functioning across the world are susceptible to a major security breach. The company released two white papers chronicling the two main ways through which the CPUs can be affected, called Meltdown and Spectre.

    It now appears that Google has a fix for this flaw and it might not cause a significant slowdown as well. In a blog post, Google said that it has shared a new fix, called Retpoline which fixes one of the Spectre vulnerabilities (CVE-2017-5715). Along with that, the company also deployed a Kernel Page Table Isolation (KPTI) fix that protects against the Meltdown (CVE-2017-5754) vulnerability.

    There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

    However, Google has maintained that it doesn’t guarantee that there won’t be any slowdowns.

    In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

     

  • Apple Admits Spectre And Meltdown Affects All macOS And iOS Devices

    Apple Admits Spectre And Meltdown Affects All macOS And iOS Devices

    Alphabet’s Google, along with a few other security researchers published a document which chronicled two major flaws found in nearly all modern CPUs. The reason this flaw is much more complex than the usual software or hardware bugs is that it’s more than just a bug that can be fixed with an update. The flaw lies in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

    In the architecture of modern CPUs, there are unpenetrable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

    MacBook Pro

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

    Meltdown affects Intel processors and works by penetrating through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Spectre affects Intel, AMD, and ARM processors, which basically means that it affects anything with a chip in it, from mobile phones to thermostats.

    iPhone X

    In a response to this revelation, Apple has come out and conceded that its devices are not immune to the security flaws. In a statement, the company announced that all its macOS and iOS devices are affected but, mitigations are either already in place or in the final stages of being rolled out. Apple has stated that it has already dealt with Meltdown:

    Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation.

    This is what the company had to say about Spectre:

    Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser.

    Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.

    In a nutshell, this means that while Meltdown is no longer a threat, Spectre remains the only major flaw which can be exploited and Apple will soon release a fix for that.

iGyaan Network
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.