A fix for a security flaw in all modern Intel processors and some models of CPUs from other companies is currently being pushed out for Windows 10. While details regarding the exact nature of the exploit were previously under embargo, the release of a statement by Google and academic papers detailing the mechanism of the exploit now provide a better understanding of how it works.
The new attacks have been dubbed Meltdown and Spectre. Both target the way privileged information is handled in the kernel, with the former focusing on breaking the isolation between applications and the operating system. This is the more severe threat among the two, and can allow an attacker to gain access to not just the kernel memory but also the 'entire physical memory'. According to a security researcher who discovered the exploit, this would allow them to 'steal any data on the system'.
Explained rather simplistically, Meltdown exploits out-of-order executions in modern processors in order to allow an attacker to read privileged memory using an unprivileged process. In order to improve performance on processors, the CPU will often carry out its tasks out-of-order - that is, not in the sequence they are given. This requires the CPU to 'look ahead' and while the processor is then able to reconcile discrepancies in order to execute the program properly, these 'memory lookups' can influence the cache. As such, a side channel that is able to glean information from the cache could be used to read privileged information.
The second vulnerability, Spectre, acts in a similar manner, though its operation relies on circumventing the isolation between different applications, thereby allowing a malicious program to access information that is being processed by another program. Though harder to exploit than Meltdown, Spectre attacks are also harder to mitigate, with one researcher claiming they will 'haunt us for years'.
Intel processors in the last two decades are almost all affected by the fundamental mechanism used in the operation of the exploit, while only a some of AMD's processors are affected. AMD, in a statement, claimed:
"The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."
Linux and macOS have already received various patches to mitigate the impact of these vulnerabilities, while Microsoft pushed an emergency patch for its operating systems earlier today. Unfortunately, however, CPU performance may be negatively impacted as a result of the patch, especially on older processors.
Source: meltdownattack.com via ZDNet
23 Comments - Add comment