3rd January 2018
Google discloses the Spectre and Meltdown vulnerabilities

Following a number of university-led research programmes, the first two of many subsequent transient execution CPU vulnerabilities, named Spectre and Meltdown, were disclosed by the Google Project Zero team.

Transient execution CPU vulnerabilities can occur in computer systems where the CPU operates speculative execution and/or branch prediction optimisations to prefetch instructions with the aim of increasing processing speed.

If the attacker is able to compromise, or directly inject, speculatively executed code into the processing pipeline, they may be able to affect components of the processor, such as the cache, and therefore discover the values of secret data.

While the initial reaction of industry players was that this was 'processors functioning as designed', it led to them producing multiple software, hardware or microcode mitigations to prevent the attacks succeeding.

It also led to multiple subsequent variants of Spectre, and many other similar attacks, being discovered and disclosed.

Related information:

• Meltdown and Spectre official site
• CVE: The Meltdown and Spectre vulnerabilities, CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754
• BBC News: Rush to fix 'serious' computer chip flaws, 4th Jan 2018

Images:

• Spectre and Meltdown logos
  Credit: meltdownattack.com, public domain.