All modern processors are susceptible to the meltdown and specter vulnerabilities
Table of contents:
Windows, Linux and macOS have received security patches, to protect users from Meltdown and Specter related issues, from current processors that have come to light recently. These patches modify the way in which the operating system handles the virtual memory of the processor, since it is precisely there where the problem resides.
Meltdown and Specter vulnerabilities affect all current processors
These security flaws have been called Meltdown and Specter. Both vulnerabilities take advantage of the fact that all current processors execute instructions speculatively, that is, they assume that, for example, a given condition will be true and will execute the corresponding instructions. If the condition later turns out to be false, the speculatively executed instructions are discarded as if they had no effect.
Although the discarded effects of this speculative execution do not alter the outcome of a program, they do make changes to the lower-level architectural characteristics of the processors. For example, speculative execution may load data into the cache, even if it turns out that the data should never have been loaded in the first place. The presence of the data in the cache can be detected. Other data structures in the processor, such as the branch predictor, can also be probed and measure its performance, which can be used similarly to reveal sensitive information.
Best processors on the market (January 2018)
Meltdown is the problem that stimulated the arrival of the operating system patches. This weakness uses speculative execution to filter kernel data into regular user programs. All modern processors, including those from Intel, AMD, and ARM, speculate on memory accesses, although Intel processors do so in a particularly aggressive manner and are therefore the most vulnerable. Intel chips allow user programs to speculatively use kernel data, and access verification occurs somewhat after the instruction begins to execute.
Owners of AMD and ARM systems should not rest easy because of Specter. Specter is a more general attack, based on a wider range of speculative execution features. Spectrum attacks can be used both to filter information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.
Furthermore, Specter does not offer any direct solution. Speculation is essential for high-performance processors, and while there may be limited ways to block certain types of speculative execution, the general techniques that will defend against any information leak due to speculative execution are unknown.
Intel has already been sued for the meltdown and specter vulnerabilities
Intel has already been the subject of three lawsuits in the United States for the Specter and Meltdown vulnerabilities that affect all its processors.
Intel publishes its analysis of performance loss due to meltdown and specter vulnerabilities
Intel has released the results of its performance impact testing of its processor Meltdown and Specter vulnerabilities.
Intel cpus are susceptible to usb vulnerabilities
Intel's CPUs from Skylake have a vulnerability in their IME engine that challenges the security of the platform.
