Meltdown and Spectre security flaws have affected modern processors

Recently, we got to know about the security vulnerabilities affecting the modern Intel chipsets causing serious Kernel memory leak issues on the modern computers running Windows, Linux and macOS. While the reason for the cause of this bug and the exact problem seem to remain a mystery, Windows and Linux have started rolling out updates to fix the issue.

While the updates bringing the fix to the issue is out, information about the flaw named Meltdown and Spectre has been revealed. Meltdown and Spectre are attacking methods that the malicious parties use to break into some of the most sensitive functioning of any device via the affected CPUs.

The modern microprocessors use speculative execution that is one of the techniques to improve performance. Back in 2017, Google's Project Zero team with researchers at several universities identified a massive problem with this technique. When a processor uses speculative execution, it predicts which calculations it might need to do subsequently and then solves them in advance in a parallel fashion. As a result, the CPU wastes some cycles to perform these unnecessary calculations instead of performing the tasks sequentially but the chain of commands will be executed faster.

However, there appears to be a flaw in the way the modern processors use speculative execution as they do not check permissions correctly and leak the details about speculative commands that do not end up being run. Eventually, the user programs can steal glimpses at the protected parts of the kernel memory that is dedicated to the most core components of the OS and their interactions with the hardware of the system.

Usually, this kernel memory is isolated from the user processes to avoid such glimpses, and in the worst case, all the sensitive data such as passwords and stored files will be compromised. The bugs can steal even the cloud data, browser data, instant messages, emails and more as these can work on personal computers and mobile devices.

As per a release by the Graz University of Technology, the researchers have found three potential attack methods - Meltdown and two other vulnerabilities collectively termed Spectre. Meltdown breaks the most fundamental isolation between the OS and user programs. It lets the programs access the memory and know the secrets. Spectre breaks the isolation between the various applications and allows an attacker to trick the programs those are error-free to leak their secrets.

While Windows and Linux updates are on their way, Apple did not publicly comment regarding Meltdown and Spectre attacks. But the security researcher Alex Ionescu has tweeted that the macOS 10.13.2 update will address this issue. Microsoft has taken to a blog post to state that the majority of the Azure infrastructure has been updated to address this specific vulnerability. Some aspects are still being updated and might need a reboot of the customer VMs for the update to take effect.