Published: Tue, January 16, 2018
Tech | By Dwayne Harmon

How Google Dealt With Spectre And Meltdown

How Google Dealt With Spectre And Meltdown

Intel CEO Brian Krzanich on Thursday sent an open letter to the technology industry, pledging the company would make frequent updates and be more transparent about the process, and that it would report security issues to the public in a prompt manner.

Intel has identified three issues in updates released over the past week for "microcode", or firmware, the newspaper reported, citing a confidential document the company had shared with some customers that it had reviewed. The fixes reportedly rendered a smaller number of systems unbootable.

The vulnerabilities potentially allow a hacker to compromise the memory of a processor by exploiting simultaneously run apps, and access passwords, private photographs, messages and emails.

"Operating system vendors, such as Microsoft, are still working to address these compatibility issues with their updates".

"Let's be transparent about what patches for these vulnerabilities mean", Williams said. In many cases, code will have to recompiled to be protected against these vulnerabilities.

Rockwell E1000, E2000 and E3000 Industrial Data Center are vulnerable to the attacks exploiting the Spectre and Meltdown flaws.

Not only are users who applied these updates now facing notable performance degradation of their CPUs, some customers are seeing constant reboots in the wake of Intel's solution to the problem, something Intel addressed in its blog post. He said the company is committed to providing frequent progress reports on patch progress, performance data and other information via its Web site.

Although Intel was initially blamed, the so-called Meltdown and Spectre weak points were eventually revealed to be present on chips designed by other mainstream firms, including AMD and ARM, according to the Guardian. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date. "If the question becomes, 'Is [the pledge] valuable or just brand management?' the answer has to be that it's both", Wenzler told SearchSecurity.

Intel promises transparent and timely communications with customers.

ClusterVision experts already have had several experiences on its clusters in order to analyze the impact of the kernel-patch on performance. But I'll say this: "Intel is in a better position to find processor vulnerabilities than any external researcher", Williams said.

Google is claiming, however, that its fix for Variant 2 (CVE-2017-5715), considered to be the hardest to patch without impacting performance, will have "negligible" impact on PC performance.

Like this: