Posted Fri Jan 5, 2018 at 01:25 PM PST by Steven Cohen
Two big CPU security flaws have been discovered.
Researchers have recently come across two potentially devastating hardware flaws built into many modern CPUs used in PCs and Apple devices. Dubbed Meltdown and Spectre, the two widespread CPU bugs could lead to exploits that would put a user's data at risk.
According to a recent support document released by Apple, both bugs rely on "speculative execution," which is a CPU performance feature found on many modern processors. The feature works by allowing a CPU to predict and start executing code before it knows for sure whether or not that path is correct. If the prediction ends up being wrong, the execution is then rolled back in a way that is supposed to be invisible to software. Unfortunately, the Meltdown and Spectre bugs could take advantage of this process to enable a malicious app to access privileged memory. In other words, worst case scenario, the flaws could lead to the theft of personal data from other programs on your system like passwords, emails, photos, and other documents.
Per researchers at Meltdownattack.com, Spectre is said to be a threat to "all modern processors capable of keeping many instructions in flight," including Intel, AMD, and ARM CPUs. Meanwhile, Meltdown is currently thought to only affect Intel CPUs, but its reach covers virtually every Intel CPU made since 1995. Thankfully, while there are no known exploits for these bugs at this time, there are now patches available to help guard against Meltdown. Likewise, software updates for programs that could be susceptible to Spectre are also in the works. For its part, Apple says that its recent December updates for iOS 11.2, macOS 10.13.2, and tvOS 11.2 should mitigate against Meltdown exploits without any discernable performance hit. Meanwhile, the company is expected to release an update for Safari on macOS and iOS in the coming days to help prevent potential Spectre exploits that would use JavaScript.
Users who want more information about what hardware is affected by these flaws and what steps can be taken to help secure their systems, can head over to Meltdownattack.com for more detailed information.
Sources: Apple, Meltdownattack, Slashgear
See what people are saying about this story in our forums area, or check out other recent discussions.
The latest news on all things 4K Ultra HD, blu-ray and Gear.