Cybersecurity researchers have recently discovered two major CPU vulnerabilities affecting nearly all the computer devices we use today. The flaws – called Meltdown and Spectre – are present in modern Intel, AMD and ARM processors and affect personal computers, mobile devices, and even cloud infrastructure.
These vulnerabilities are unique in that they are not due to the physical mechanisms of the chips or more commonly seen software bugs. Instead, the problem exists at the architecture level of the CPU and can expose virtually all data the computer processes.
Chips manufactured as early as 2011 were tested and found to be at risk, but theoretically every Intel processor dating back to 1995 could be affected. Due to the nature of the flaws, all software platforms – including Windows, OS X and Android – are vulnerable and it is unlikely that traditional antivirus could detect or block an attack.
Some software patches have been released to safeguard Windows, Linux and OS X computers from Meltdown, and additional protections are being developed. It appears, though, the Meltdown fixes may reduce the performance of Intel Chips, particularly on data center servers.
No solution for Spectre has been identified, and experts do not expect it to be fixed any time soon. The fact that this vulnerability is so closely tied to the way in which the processor operates has made it impossible for researchers to yet find a way to avoid it entirely.
In the meantime, companies across the world are working to understand the real-world risks posed by these flaws and develop ways they can be mitigated.
Here are several other articles for more information: