The tech world is highly dynamic. With advancing highs and regressive lows, it keeps on moving if not progressing. However, the previous week there was a major vulnerability attack and it now challenges the entire foundation of software security.
Enter Meltdown and Spectre.
A lot of buzz and panic had been created ever since researcher Jann Horn at the Graz University of Tech found two bugs in the processors.
Before moving any further, you should know exactly what a processor and a bug is.
What is a bug?
A bug is a fault or flaw that is often found in software programs.It tends to make the program behave in an unexpected manner. Processors are basic thinking units of a computer system.It enables the computer system to perform basic operations such as input/output, memory storage and a whole bunch of other things.
Coming to the bugs Meltdown and Spectre
Spectre is two of the three bugs detected by researchers whereas Meltdown is the third one. Now what are they and why should you be concerned. For understanding this, let’s understand the basic working of the two bugs.
Processors handle confidential data like passwords and other sensitive content, keeping them away from other apps. Data is usually handled in parallel i.e data is worked upon while other applications are running thus rendering an optimal performance from the CPU. But sometimes to speed up the operations, processors use “speculative execution”.
As the name suggests, speculative execution means an implementation based on pure guesswork. So, after seeing certain calculations the processor starts speculating answers which also saves time as the processor doesn’t have to really perform the operation again. If the result is positive, then well and good.
Now, this is where Spectre comes into the picture. The time delay in performing the operation and the chip’s security check can enable any app to locate the data storage site. It becomes a piece of cake for the hackers to exploit.
Coming to meltdown. For a hacker to steal your information from meltdown is even more simple. By knowing the time difference, it is virtually possible to infer data from other processors or operating systems or virtual machine hypervisor.
How you can protect your PC and other devices
Many tech companies are pushing new updates against Meltdown and Spectre, as expected.
Microsoft has pushed updates for Windows 7, Windows 8.1, and Windows 10 operating systems.
Linux kernel developers have been actively working on the fixes for Meltdown for months, and Linux kernel patches are now available. Many distributions have the patches available and others are working to release them at the earliest.
Apple has already released the patch to protect your Macs and iPhones from meltdown attack. The patches were released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.
Since Google was the one discovering the flaw and disclosing, the company has the most detailed response and advisory on the web.
As The Verge explained,
“The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. They also allow an attacker to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain keystrokes, passwords, and other valuable information.”
Meltdown and Spectre both are bugs at the hardware level.
Hence, prevention is out of most of our hands.Processors are the basic building blocks of a computer system. These bugs can effect chips made after 2011. Theoretically, chips made after 1995 are affected. So, practically everything! Be it your computer systems or mobile phones.