Security researchers have disclosed two new exploits that can be executed against modern processors. Dubbed Meltdown and Spectre, the exploits use similar methods to impact processors from Intel, AMD, and ARM across PCs, mobile devices, and in the cloud. The researchers explain:
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre are both distinct attacks, but they both allow attackers to break isolation between applications to access information.
Perhaps the most distinct difference, however, is the specific processors affected by each attack.
Meltdown, the researchers say, has only been assessed to impact Intel processors. However, the range of potentially affected processors is vast.
More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
Spectre, on the other hand, appears to have a much wider reach. According to researchers, nearly every type of device is affected by Spectre; it has been verified to work across Intel, AMD, and ARM processors. Spectre is harder to exploit than Meltdown, but researchers caution that it is also harder to guard against.
The attacks also work against cloud servers, which could leave customer data vulnerable.
Fortunately, at least some fixes are on the way. There are patches against Meltdown for Linux, Windows, and macOS, and Microsoft is currently rolling out an emergency patch for the issue. Spectre is not an easy fix, it seems, and the researchers say that there is ongoing work to "harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre."
You can read more on Spectre and Meltdown, including more technical details, in the researchers' full report.
We may earn a commission for purchases using our links. Learn more.
Review: Surface Pro X (2020) gets a tiny processor bump, but fresh colors
Microsoft's Surface Pro X (2020) now features new color options and a slightly faster processor. What does that mean in terms of overall improvement in performance? Not a whole lot. But luckily, Surface Pro X still has an unmatched design and feature set that makes it utterly unique. Here is our full review.
These great Thunderbolt 3 docks turn your laptop into a desktop
Looking to make the most of your super-fast Thunderbolt 3 connection? The CalDigit TS3 Plus is our top pick thanks to plenty of ports and solid construction, but there are a bunch of other options that might better suit your needs.
Join us LIVE for the Windows Central Video Podcast today at 3:30PM ET
We're LIVE with the Windows Central Video Podcast today at 3:30pm ET, make sure you're there!
Best Xbox Series X, Series S Accessories 2020
Are you grabbing an Xbox Series X or Xbox Series S? These are the most essential accessories you need to complete the experience.