Meltdown and Spectre Vulnerabilities: Experts Reveal Which Really Affects What and the Long-Term Solutions Being Devised
Security researchers recently uncovered the deadly Meltdown and Spectre vulnerabilities that affect every processor used on every computer over the past couple of decades.
The scale of the issue is definitely unlike any other. These flaws take advantage of speculative execution, which modern processors carry out for faster performance. It involves executing potential tasks in advance, before they are needed.
Because of the Meltdown and Spectre vulnerabilities, passwords and other sensitive information usually stored in the cache memory on a computer's processor itself are put at risk.
The initial impression is that Spectre affects Intel, AMD and ARM central processing units (CPUs) while Meltdown primarily preys on Intel products, but this is not the case, according to Red Hat chief ARM architect Jon Masters, who, while currently leading the efforts to combat the Meltdown and Spectre vulnerabilities, revealed in an interview with Data Center Knowledge:
I think Intel got a lot of unfair attention this week. The reality is that it's a cross industry, cross vendor issue that affects pretty much every architecture. It's not just Intel, AMD and ARM, it's actually every modern architecture.
He says that Meltdown is the greater vulnerability that they are working on snuffing out because it is readily exploitable. However, Masters says that it is not "as big a deal in the longer term" as people make it seem.
I really think it's not as big a deal in the longer term as people are making out. Yes, it's a significant threat. It is something that we obviously need to patch very swiftly. That said, it's a very complicated attack. It's existed for potentially up to several decades on different families of microprocessors as a class of attack that was theoretically possible, but finding it took a lot of effort. It's something that is very hard to reproduce. It's unlikely that many people out there would have come up with this independently prior to the disclosure, and patching it is relatively straightforward.
Masters also clarified that Spectre is not unfixable, as others are making it out to be (he understands this in part because both hardware and software changes will be required to fully eradicate it), but it is not as if patching it will be a clear-cut mission either:
The first half of it is relatively straightforward and actually easily patched. The second half potentially has a cross virtual machine exploit. You can have virtual machines attack each other or attack the hypervisor. We also have a mitigation for that in all of our updates, but the mitigation relies on a microcode or system firmware update in order to be firmly effective. I think that's going to complicate the process of deploying this.
The discovery of the Meltdown and Spectre vulnerabilities has major companies working together to solve the widespread issue, a task that is unquestionably going to be extremely difficult. J. Gold Associates president Jack Gold told Engadget:
The chip companies and the OS vendors are doing a pretty good job of handling this. The fact that Intel, AMD and ARM were all working in unison on this, which they never really do, bodes well for the industry as everyone tries to mitigate this potential threat.
Microsoft, Google, Apple, and Linux have all released patches to shield their products from Meltdown while AMD, who said that there is currently "near zero risk" to its products, already rolled out patches to combat Spectre. Intel, on the other hand, said that 90 percent of its affected CPUs released within the past five years are slated to be patched by next week.
The potential for disaster from the Meltdown and Spectre vulnerabilities is endless, but Gold says that it will still be a tough task for hackers to actually get hold of the private information on storage devices like hard drives.
It requires understanding the relationship between data locations which are highly variable and actual data content, and requires a good amount of processing/decoding. Basically, while these exploits are potentially serious, it's currently tough for someone to use them easily.
Indeed, Masters says that taking advantage of the Spectre vulnerability will be a complicated affair for those who are planning to do so:
The Google research team said they were able to do it one time, with one particular processor, and with one particular operating system version. It took hours to set up. It was very difficult to do, and the bit rate of extraction of information in that case was one-and-a-half kilobytes per second. That's enough to be very concerning, because you could extract the security key, but it was very difficult to pull off and as far as we can see there are no public exploits in the wild for this.
On the other hand, the nature of the Meltdown vulnerability has Masters confident it can be dealt with:
It's actually not a very difficult logic change in future generations of processor to mitigate for Meltdown. It's actually a fairly straightforward change, and very quick to integrate. Of course, rapidity in terms of hardware design is a different order of magnitude from software updates. For the Spectre attack, the fix is very simple. And again, that one is pretty straightforward to implement in future generations.