Spectre & Meltdown: Processor vulnerability causes a stir

Two security vulnerabilities published by Google that affect virtually most current processors from various manufacturers are currently causing a lot of buzz.

Security researchers at Google have developed a Project Zero with Meltdown and Spectre Attack scenarios published to exploit a vulnerability in current processors.

Intel first came into the focus of the reporting - but the problem also seems to exist with other processors: potentially programs can access other memory areas and read data from there. This puts virtually any data at risk, and is especially critical for cloud providers with a wide variety of customers and applications on one physical machine. However, private data is just as much at risk; for example, a password manager could be read.

There are already patches for the Linux kernel, version 4.14.11 has already been updated with corresponding changes. Older kernel versions should also get corresponding patches.

According to Google, not only Intel CPUs are affected, but also computing devices from AMD and ARM - and thus also mobile operating systems such as Android or iOS. For Android, the vulnerability was fixed with the security update of January 2, 2018 - here again, the problem of Android versions that no longer receive an update from the manufacturer of the mobile phone and are therefore not supplied with the latest patches arises.

In general, the situation is very opaque. What is certain is that all big players, no matter whether software or processor manufacturers, have fallen into hectic activity. In the night to 04.01. Microsoft has published a Update which, however, still causes incompatibilities with some virus scanners. What the exact effects of the gap are, what performance losses may result from the patches and from which hardware version no more software fixes will be necessary.

Further information:

Leave a Reply

Your email address will not be published. Required fields are marked *