comscore Meltdown and Spectre: Here is what Intel, AMD and others are doing to keep you safe
News

Meltdown and Spectre: Here is what Intel, AMD and others are doing to keep you safe

Here is what Intel, AMD, Microsoft, Apple are others are doing to mitigate Meltdown and Spectre vulnerability

  • Updated: January 9, 2018 10:40 AM IST
meltdown spectre main

Meltdown and Spectre are two of the most critical CPU bugs ever discovered by security researchers. Meltdown, a vulnerability that affects devices using Intel CPUs, was reported by Jann Horn of Google’s Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology and Daniel Gruss and his colleagues at Graz University of Technology. Spectre, on the other hand, affects almost all chipsets, and was independently reported by Jann Horn of Google’s Project Zero and Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom. Also Read - iPhone 13 Pro, iPhone 13 Pro Max delivery date details: Bad news for iPhone buyers

Also Read - iPhone 13 cashback: Vodafone-idea offers special offer on iPhone 13 pre-order via myvi.com

The two vulnerabilities, related in nature, were first privately disclosed to the concerned companies including chip makers, operating system developers and cloud computing service providers. The details related to the flaw were scheduled to be revealed to public this week, but The Register revealed the news last week forcing the companies to publicly disclose the information. Also Read - iPhone 13 too expensive? Get iPhone 12 at lowest ever price on Flipkart today

Intel was the first to confirm the Meltdown flaw affecting its CPUs designed over the past two decades. The Santa Clara-based chip manufacturer played down the risk by highlighting that software patches to mitigate the risk have been developed and will be rolled out across platforms in the coming weeks. However, it didn’t confirm whether the problem will be rectified at the chip level with future design.

What Meltdown and Spectre do?

To briefly recap, Meltdown and Spectre affect the chip-level architecture of chipsets from major semiconductor manufacturers including Intel, AMD and ARM Holdings. The flaw allows any attacker to access the low-level kernel memory that is normally protected from higher programs and user access. While there are no reports of any such attack, it is impossible to trace such an attack since they don’t leave a log of it.

Security researchers claim that Meltdown is the easiest of the two to exploit, and allows any user program to read normally protected data. Daniel Gruss hacked into his own computer to detect the flaw and even designed the procedure called KAISER or Kernel Address Isolation to have Side-channels Effectively Removed that is being used by companies to mitigate the vulnerability by defending the kernel memory from the side-channel attack.

Here is what tech companies are doing to keep you safe from these vulnerabilites.

Intel

Intel is at the center of this security flaw with Meltdown affecting all of its chipsets manufactured over the past twenty years. In its response, Intel confirmed that “these exploits do not have the potential to corrupt, modify, or delete data”, but it failed to offer explanation on what it means for existing chip design and the future generation of Intel CPUs.

The statement also does little to distinguish between Meltdown and Spectre with researchers stating that Meltdown is serious of the two, and has direct implications on Intel processors. Intel says Meltdown can be fixed with operating system level patch and confirmed working with Microsoft and Apple on the same.

For Spectre, Intel recommends inserting a serializing instruction in code between testing array bounds accessing the array. It doesn’t specify where these serializing instructions need to be added, but the addition means that test of the array bounds must be completed even before the array is accessed. This ensures that there is no speculative access to the array assuming that the test is successful. Intel’s suggestion to add a serializing instruction need to be supported and used by operating systems and must be separated from individual applications.

AMD

AMD researcher immediately confirmed that its chipsets are not affected by the Meltdown flaw. It also claimed that its chip architecture should not be affected by the branch prediction attack used by Spectre.

AMD is suggesting operating system patches for array bounds problem that Intel is mitigating with additional serializing instruction. AMD has been silent so far to share details on its approach to mitigate the issue, and how it plans to fix the issue with future chipsets.

Microsoft

Microsoft confirmed that it started patching its operating system against Meltdown vulnerability in November last year. It confirmed that Windows 10 is being mitigated against Meltdown with automatic updates, while other OS users will need to manually update their systems with latest security patch.

Microsoft is testing dual page table system with Insider builds of Windows 10, and will use hardware capabilities to reduce the performance impact caused by implementation of dual page tables. Microsoft says some third-party antivirus software break dual-page tables, and it will not implement it when a third-party anti-virus is detected. It also says that dual-page tables are not implemented with Windows Server.

In order to safeguard against Spectre, Microsoft is issuing patches to modify Edge and Internet Explorer that disable access to JavaScript SharedArrayBuffer. The array bounds attack of Spectre is a risk for web browsers in particular, and is capable of stealing passwords. Even Mozilla has patched Firefox with similar approach.

Apple

Apple designs its own chipsets and operating system for mobile devices, and relies on chipset from Intel and AMD for its computing devices. The company has confirmed that it has patched iOS, macOS and tvOS against Meltdown with the latest update. It has also confirmed that Safari will get an update to prevent against the problem.

Apple, being Apple, is not offering too much of details as to how it plans to protect its products. It seems to be relying on the standard practice of making kernel memory separate from user memory.

Amazon

Amazon has rolled out patches for its Amazon Web Services that protect shared systems against Meltdown attacks. Amazon says it hasn’t seen any impact on performance post the roll out of Meltdown patch.

Google

Google is relying on Linux’s protection to safeguard Android and Chrome OS, which depend on Linux kernels. In order to mitigate, Linux developers have taken an approach by separating the kernel’s memory from user processes, and it has been detailed with the current state of kernel page-table isolation.

Google has updated Chrome OS for x86 architecture with dual page table protection while the OS will get updated for ARM processors at a later stage. The Chrome browser, like Edge and Mozilla, has been modified to prevent precise timing of JavaScript.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: January 8, 2018 12:04 PM IST
  • Updated Date: January 9, 2018 10:40 AM IST



new arrivals in india

Realme 8i
Realme 8i

13,999

Realme 8s 5G
Realme 8s 5G

17,999

Xiaomi Redmi 10 Prime
Xiaomi Redmi 10 Prime

12,499

Samsung Galaxy A52s 5G
Samsung Galaxy A52s 5G

35,999

Samsung Galaxy M32 5G
Samsung Galaxy M32 5G

20,999

Vivo Y33s
Vivo Y33s

17,990

Realme C21Y
Realme C21Y

8,999

Vivo Y21
Vivo Y21

15,490

Realme GT Master Edition
Realme GT Master Edition

25,999

Realme GT 5G
Realme GT 5G

37,999

Itel A48
Itel A48

6,399

Motorola Edge 20
Motorola Edge 20

29,999

Motorola Edge 20 Fusion
Motorola Edge 20 Fusion

21,499

Samsung Galaxy Z Flip 3
Samsung Galaxy Z Flip 3

84,999

Samsung Galaxy Z Fold 3
Samsung Galaxy Z Fold 3

1,49,999

Samsung Galaxy A12 (Exynos)
Samsung Galaxy A12 (Exynos)

13,999

Nokia C20 Plus
Nokia C20 Plus

8,999

Vivo Y53s
Vivo Y53s

19,490

Tecno Pova 2
Tecno Pova 2

10,999

Infinix Smart 5A
Infinix Smart 5A

6,499

Micromax In 2b
Micromax In 2b

8,999

Vivo Y72 5G
Vivo Y72 5G

20,990

Tecno Camon 17
Tecno Camon 17

12,999

Tecno Camon 17 Pro
Tecno Camon 17 Pro

16,999

Realme C11 2021
Realme C11 2021

6,999

Oppo Reno6 Pro 5G
Oppo Reno6 Pro 5G

39,990

Oppo Reno6 5G
Oppo Reno6 5G

29,990

Samsung Galaxy M21 2021
Samsung Galaxy M21 2021

12,499

OnePlus Nord 2
OnePlus Nord 2

27,999

Poco F3 GT
Poco F3 GT

27,999

Samsung Galaxy A22 5G
Samsung Galaxy A22 5G

19,999

Xiaomi Redmi Note 10T 5G
Xiaomi Redmi Note 10T 5G

13,999

Samsung Galaxy F22
Samsung Galaxy F22

12,499

Xiaomi Mi 11 Lite
Xiaomi Mi 11 Lite

21,999

Infinix Note 10 Pro
Infinix Note 10 Pro

16,999

Infinix Note 10
Infinix Note 10

10,999

Vivo Y73
Vivo Y73

20,990

OnePlus Nord CE 5G
OnePlus Nord CE 5G

22,999

iQOO Z3
iQOO Z3

19,990

Realme C25s
Realme C25s

9,999

Poco M3 Pro 5G
Poco M3 Pro 5G

13,999

Realme X7 Max 5G
Realme X7 Max 5G

26,999

Oppo F19
Oppo F19

18,990

Motorola Moto G40 Fusion
Motorola Moto G40 Fusion

13,999

POCO M2 Reloaded
POCO M2 Reloaded

9,499

OPPO A74 5G
OPPO A74 5G

17,990

Oppo A53s 5G
Oppo A53s 5G

14,990

Vivo V21 5G
Vivo V21 5G

29,990

Realme C25
Realme C25

9,499

Realme C21
Realme C21

7,999

Realme C20
Realme C20

6,799

Motorola Moto G60
Motorola Moto G60

17,999

iQOO 7
iQOO 7

31,990

Samsung Galaxy M42 5G
Samsung Galaxy M42 5G

21,999

Xiaomi Mi 11 Ultra
Xiaomi Mi 11 Ultra

69,999

Xiaomi Mi 11X Pro 5G
Xiaomi Mi 11X Pro 5G

39,999

Xiaomi Mi 11X
Xiaomi Mi 11X

29,999

Realme 8 5G
Realme 8 5G

13,999

Samsung Galaxy F02s
Samsung Galaxy F02s

8,999

Samsung Galaxy F12
Samsung Galaxy F12

10,999

POCO X3 Pro
POCO X3 Pro

18,999

Realme 8 Pro
Realme 8 Pro

17,999

Realme 8
Realme 8

14,999

Vivo X60 Pro Plus
Vivo X60 Pro Plus

69,990

Vivo X60 Pro
Vivo X60 Pro

49,990

Vivo X60
Vivo X60

37,990

OnePlus 9 Pro 5G
OnePlus 9 Pro 5G

64,999

OnePlus 9R 5G
OnePlus 9R 5G

39,999

OnePlus 9 5G
OnePlus 9 5G

49,999

Samsung Galaxy A72
Samsung Galaxy A72

34,999

Samsung Galaxy A52
Samsung Galaxy A52

26,499

Micromax In 1
Micromax In 1

10,499

Asus ROG Phone 5
Asus ROG Phone 5

49,999

Samsung Galaxy M12
Samsung Galaxy M12

10,999

Motorola Moto G30
Motorola Moto G30

10,999

Motorola Moto G10 Power
Motorola Moto G10 Power

9,999

Oppo F19 Pro Plus 5G
Oppo F19 Pro Plus 5G

25,990

Oppo F19 Pro
Oppo F19 Pro

21,490

Xiaomi Redmi Note 10 Pro Max
Xiaomi Redmi Note 10 Pro Max

18,999

Xiaomi Redmi Note 10 Pro
Xiaomi Redmi Note 10 Pro

15,999

Xiaomi Redmi Note 10
Xiaomi Redmi Note 10

11,999

Realme Narzo 30A
Realme Narzo 30A

8,999

Realme Narzo 30 Pro
Realme Narzo 30 Pro

16,999

Infinix Smart 5
Infinix Smart 5

7,199

Samsung Galaxy F62
Samsung Galaxy F62

23,999

Samsung Galaxy A12
Samsung Galaxy A12

12,999

Nokia 5.4
Nokia 5.4

13,999

Nokia 3.4
Nokia 3.4

11,999

Realme X7 Pro 5G
Realme X7 Pro 5G

29,999

Realme X7
Realme X7

19,999

Vivo Y31
Vivo Y31

16,490

Oppo Reno5 Pro 5G
Oppo Reno5 Pro 5G

35,990

Samsung Galaxy S21 Ultra 5G
Samsung Galaxy S21 Ultra 5G

1,05,999

Samsung Galaxy S21 Plus 5G
Samsung Galaxy S21 Plus 5G

81,999

Samsung Galaxy S21 5G
Samsung Galaxy S21 5G

69,999

Vivo Y12s
Vivo Y12s

9,990

Vivo Y51A
Vivo Y51A

17,990

Samsung Galaxy M02s
Samsung Galaxy M02s

8,999

Xiaomi Mi 10i
Xiaomi Mi 10i

21,999

Oppo A15s
Oppo A15s

11,490

Best Sellers