Lunes, 24 Setiembre, 2018

Meltdown and Spectre chip security scare: Should you be afraid?

Intel CEO Brian Krzanich Intel CEO Brian Krzanich Ap Images
Eleena Tovar | 14 Enero, 2018, 14:14

The Meltdown name comes from the bug essentially "melting" the security barriers that were supposed to be enforced by hardware.

In a blog post published minutes ago, Google's Security team announced what they have done to protect Google Cloud customers against the chip vulnerability announced earlier today.

Intel also said that the vulnerability is not unique to their products.

Google said on its blog that all Android devices with the latest security update are protected and that its Google Apps/ G Suite, including Gmail, do not require users to take any action.

News of the weakness, found last year and reported Tuesday by The Register technology blog, hit shares of Intel, and pushed shares of rivals including Advanced Micro Devices Inc upwards.

"Intel has begun providing software and firmware updates to mitigate these exploits". More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).

Furthermore, Intel said that the security issues are not from the processor designs themselves, but in the approach that researchers used to compromise a system. The former only seems to affect Intel CPUs, with reports that the latter is on all three.

A couple of days ago, Google along with other security researchers released a couple of documents which chronicled the major security flaws in Intel, AMD, and ARM processors.

The kernel is a high and mighty authority in the architecture of an OS, and it features the highest privileges to read/write instructions and files.

The findings were that processor microarchitectures from Intel, AMD and ARM were all vulnerable to a lesser or greater extent.

While it's urging to see that Xbox is unaffected, different sorts of devices from PC to telephones, and web servers, still aren't completely checked. Sources close to the matter told The Verge that the update will be applied automatically on Windows 10. Through the exploit, attackers may gain access to data, though they do not have the power to modify or delete them, Intel added. There haven't been any reports of this happening yet, but it's worrying that it's been present for so long on millions upon millions of devices.