Meltdown and Spectre chip flaw timeline

Postado Janeiro 13, 2018

"We have received reports from a few customers of higher system reboots after applying firmware updates", said Shenoy. Those updates can be found on Intel's site.

In a confidential document shared with some of its customers, Intel said it has identified three issues in updates released over the past week.

While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities.

Sys admins everywhere must patch operating systems to reduce the effects of the recently discovered Intel CPU flaws, which hackers could exploit to access speculative execution data in virtual memory and, potentially, to other VMs that share the same host or root access.

As explained in Google's post, most CPUs have a system in place that walls off applications so they can not see what's present in the memory of another application. For instance, cryptographer Paul Kocher told Scientific American this week that Meltdown and Spectre demonstrate a "failure of thought and attention" by chipmakers looking to balance security and performance needs.

In the most basic terms, Williams explained, vulnerable processors are like an old, broken bridge. In many cases, code will have to recompiled to be protected against these vulnerabilities.

Intel's plans for patching its processors against the Meltdown and Spectre vulnerabilities are not going so well, the company acknowledged this week. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date. "Internal policy and procedure changes, especially in how Intel communicates to partners and customers must change, and the public acknowledgement of that will serve as a guidepost for internal decisions to support that". We also commit to adding incremental funding for academic and independent research into potential security threats.

"The pledge is likely brand management more than a real thing that will markedly increase security".

That said, the GPU manufacturer did clarify that their graphics cards are not affected by the said security flaw and that their consumers have nothing to worry about.