So after yesterdays turmoil in regards to the CPU vulnerabilities, more information is now available to get a grasp of what is going on. Basically, security experts found two major bugs in processors, which are used virtually in every computer in the world. There are two types detected, now called Meltdown and Spectre.
Researchers from the Austrian University in Graz explained their findings on the very informative website meltdownattack.com Meltdown has been known since November and specifically effects processors from Intel. Wednesday this reached the news, because of the solution to the problem, makes Intel processors slower (in very specific workloads). According to Intel, this impact would hardly be noticeable for consumers. However, the problem is not limited to Intel chips. Security researchers also found security flaws with other processors (including those from producers AMD and ARM). This vulnerability variant is called Spectre.
The Exploits
Meltdown and Spectre are bugs that can allow hackers to access the kernel memory of computers. This includes passwords and other sensitive information. Spectre not only affects computers, but could also smartphones and, for example, smart home devices. Researchers tested the leak and also found vulnerabilities in chips dating back from 2011. Even processors from 1995 could have been affected. The problems do not distinguish in the type of device. Operating systems such as Windows, macOS and Android run the same risk. One of the discoverers of Meltdown, Daniel Gruss, calls Meltdown the "most serious problem" for the short term. The errors can be corrected with software updates, but they probably make the computers a bit slower.
Solutions
Large tech companies and providers of cloud services are working on a solution. For example, Amazon and Microsoft say that they will make changes as soon as possible to stop Meltdown. Google also now claims to be secure against possible attacks through this leak. Intel has also started to issue software and firmware updates. No solution has yet been found for Spectre. The security researchers say that this leak is far more difficult to abuse than Meltdown, but that it is also a lot harder to solve. It is likely that Spectre, in particular, will cause problems for a long time, experts think.
