Google discloses the Spectre and Meltdown vulnerabilities
3rd January 2018 Following a number of university-led research programmes, the first two of many subsequent transient execution CPU vulnerabilities, named Spectre and Meltdown, were disclosed by the Google Project Zero team. Transient execution CPU vulnerabilities can occur in computer systems where the CPU operates speculative execution and/or branch prediction optimisations to prefetch instructions with the aim of increasing processing speed. If the attacker is able to compromise, or directly inject, speculatively executed code into the processing pipeline, they may be able to affect components of the processor, such as the cache, and therefore discover the values of secret data. While the initial reaction of industry players was that this was 'processors functioning as designed', it led to them producing multiple software, hardware or microcode mitigations to prevent the attacks succeeding. It also led to multiple subsequent variants of Spectre, and many other similar attacks, being discovered and disclosed. Related information:
Images:
|
Click on the Images For Detail
|