Spectre and Meltdown Update: What’s New with the Intel, AMD and ARM Chipset Hacks

Malicious code takes advantage of predictive loading in microprocessors for faster computation

By now, you’ve most likely read about the Intel microprocessor vulnerability that is affecting billions of computing devices (including cloud computing services, laptops, servers, desktops, smartphones, tablets and browsers) currently in use.

Intel confirmed reports earlier last week about the exploits, in which it was discovered that malicious software could take advantage of how standard microprocessors use probabilistic modeling to “guess” what operation will come after another one, to anticipate operations in sequence and improve computation performance.

What is Meltdown?

This term refers to the flaw believed to be present only in Intel processors, and was termed “Meltdown” because the flaw “melts” security boundaries that are usually protected by hardware.

What is Spectre?

This term refers to the flaw present in AMD, ARM and Intel processors, which use “speculative execution” to perform computations. The malicious software is afforded access to information contained in the speculative “guesswork” of the microprocessors. Central Processing Units (CPUs) process computations in sequence, and use statistical and operational probability to provide a set of likely operations. Within those potential options for the “next-in-sequence” computation, sensitive information from the computing device’s memory can potentially be accessed.

Patches for Linux, Windows and Apple Devices

Linux: Not every Linux-based system is supported by Intel, and Softpedia recently posted a list of available patches released by Intel and Linux Kernel experts, as well as instructions of how to implement them. The patches are also available on Kernel.org.

Google: Google posted a full and complete list of their products with vulnerabilities to the exploits with the following comment: “On the Android Platform, exploitation has been shown to be difficult and limited on the majority of Android devices.”

Microsoft: Microsoft has released patches for the pair of exploits which affects their cloud service, Azure, the majority of Windows-enabled devices and Windows Servers.

1.)   Azure: Azure customers should be automatically protected, but more details are available on Microsoft’s Azure blog post about the exploits.

2.)   Windows OS: Windows 10, Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server 2016, Windows 7 SP1 and Windows Server 2008 R2 SP1 all have updates available, for customers that have compatible antivirus software (as compiled here by cybersecurity expert Kevin Beaumont).

Microsoft has pulled some of the updates for older devices and acknowledged potential slowdowns for Windows 7, 8 and 10 systems with older hardware. Windows XP is not supported generally or specifically by Microsoft any longer.

See more details in their blog post here.

3.)   Windows Server: In the same blog post as above, Microsoft acknowledged that Windows Servers with older hardware are seeing a performance hit.

Apple: Apple acknowledged that all Mac and iOS devices have been affected, but the fix for Apple users is a simple update. For more details, check out their blog post on the subject.

ARM: While they haven’t released any patches, they acknowledged the exploits on this post.

AMD: They too did not release any patches, but acknowledged three variants of the exploits in their blog post and gave some helpful advice.

Amazon: Amazon Web Services (AWS) provides a huge amount of cloud computing services, and provided a list of affected services and recommendations for its customers on this blog post.

Posts acknowledging the effects of the exploits for Mozilla,  VMWare, and Citrix and advice for customers can be found at each of the links added in this sentence.