Earlier today, we reported on some shocking news -- there is a serious vulnerability that affects Intel processors. To make matters worse, patching that vulnerability -- now known as "Meltdown" -- would cause an up-to 30 percent performance degradation. Yikes!
If you have an AMD processor, you are safe, right? Yes, but not really. You see, yet another vulnerability has been revealed that impacts all modern processors, such as those from Intel, AMD, and yeah, even ARM chips. This vulnerability is called "Spectre," and it has the potential to put the entire technology industry into a tailspin. Seriously, folks, this is very bad -- it is like the computing apocalypse. What's the worst that could happen? Well, your data and passwords could leak and you are almost powerless to stop it.
As is the trend nowadays, these vulnerabilities have cool names, their own website, and of course, fancy logos. Meltdown is represented by a melting shield, while Spectre is a ghost wielding a stick. Spooky! The official (simplified) explanation of each bug is listed below.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
The good news is, software patches for Windows, Mac, and Linux can stop Meltdown. In fact, Microsoft is readying a fix for Windows 10, while macOS is already partly protected as per the most recent High Sierra version. Linux kernel 4.14.11 patches this vulnerability and is available now.
The bad news? You can never truly fix Spectre on existing hardware. While you can fight against malware that leverages Spectre, it can only be eliminated by redesigning the way modern processors work, and that is very bad.
Pretty much every computer and device from the last 20 years is susceptible to Spectre, and that includes servers and cloud computers. To truly stop Spectre, all computers need to be replaced -- think about that for a moment. I hate to speak so crudely, but yeah, we are screwed.
So yes, you should be worried, but no, you should not throw away your computer or unplug it from the wall. Obviously, we are all too dependent on technology nowadays to just stop using our devices, so instead, be sure to update your operating system as soon as patches become available, and stay vigilant by avoiding sketchy websites. Because, sadly, these vulnerabilities can apparently be triggered using web browsers.
If you are interested in learning more about the technical aspects of each vulnerability, I urge you to click on the below links. These papers will supply you with great detail. Also, be sure to keep your web browsers tuned to BetaNews, as we will update you with the latest news on both Meltdown and Spectre as it comes in.