Two newly revealed security flaws exploit modern processors to affect virtually every modern computer in use, potentially allowing hackers to “steal the entire memory contents of computers.”
The two flaws are known as Meltdown and Spectre, and the possibility of data theft they present extends to mobile devices, personal computers, and servers within cloud computer networks, The New York Times reports.
Though the flaws have been revealed at the same time, they must be handled in different ways. Meltdown affects “virtually every microprocessor made by Intel.” The widespread use of Intel microprocessors almost goes without saying, but the report notes that Intel chips are “used in more than 90 percent of the computer servers that underpin the internet and private business operations.”
Meltdown can be fixed with a patch, but those software patches could slow down system performance by as much as 20-30 percent.
Spectre is a bit trickier, in that it’s harder to exploit — and harder to fix. The flaw affects most processors and there is no known fix, although some patches can prevent specific exploits. Further details on both flaws can be found at the website Meltdown Attack, which features research papers on Meltdown and Spectre.
While Meltdown only affects Intel chips, Spectre “is a problem in the fundamental way processors are designed,” and a new generation of chips may be required to fix the flaw. Researcher Paul Kocher said the threat from Spectre will linger for decades.
“We’ve really screwed up,” Kocher told the Times. “There’s been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows that you cannot have both.”
In The Wild
Though there are proof-of-concept attacks, it’s unknown if either flaw has been exploited “in the wild” yet. But companies are already taking steps to secure computers and update their systems. Be sure to check with your manufacturer on what’s being done with your specific computer.
One thing is for certain: these flaws are unprecedented. Our only hope is that companies will be able to issue patches which are effective enough to prevent attacks, and that would-be attackers will have a tough time exploiting the flaws — especially Spectre.