Your Computer May Be At Risk; A Vital CPU Flaw!
To begin to understand this flaw, we need to first understand what a CPU is.
The central processing unit (CPU) is the computer component that’s responsible for interpreting and executing most of the commands from the computer’s other hardware and software. All sorts of devices use a CPU, including desktop, laptop, and tablet computers, smartphones… even your flat-screen television set.
Intel and AMD are the two most popular CPU manufacturers for desktops, laptops, and servers, while Apple, NVIDIA, and Qualcomm are big smartphone and tablet CPU makers.
You may see many different names used to describe the CPU, including processor, computer processor, microprocessor, central processor, and “the brains of the computer.”
What’s The Big Issue?
Massive security vulnerabilities in modern CPUs are forcing a redesign of the kernel software at the heart of all major operating systems. Since the issues—dubbed Meltdown and Spectre—exist in the CPU hardware itself, Windows, Linux, Android, macOS, iOS, Chromebooks, and other operating systems all need to protect against the first exploits that have begun circulating. And worse, plugging the hole can negatively affect your PC’s performance.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
Can my antivirus detect or block this attack?
While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.
Is there a workaround/fix?
There are patches against Meltdown for Linux, Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.
Why is it called Meltdown?
The vulnerability basically melts security boundaries which are normally enforced by the hardware.
Why is it called Spectre?
The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.