Everyone with a desktop computer, laptop, mobile device, or smartphone struggles against malware and hacker attacks at some point, but the current news spreading on major networks and the internet warns of a darker, more insidious threat. Across platforms equiped with all types of CPUs and major operating systems, the Meltdown and Spectre vulnerabilities lurk. No simple scans will tell you if someone has taken advantage of either one on your machine. No simple, 100% ironclad fixes exist to stop these hardware-based weaknesses, except perhaps in Linux 🙂
Before you stop using the Cloud or throw away your tablet in fear, you should understand what Meltdown and Spectre are and the steps being taken to counter the issue.
CPU Vulnerabilities Explained
Any processor built since 1995 has an intrinsic weak spot that allows Meltdown and Spectre to infiltrate the deepest, most protected core of computer memory and function, the kernel. They stem directly from the new processors' method of attempting to predict instructions before the user asks. The two vulnerabilities exploit this process and allow hackers or associated programs to sneak in and grab private data. This stolen information may include personal details, banking or credit card information, business documents, and passwords.
Although the danger from both Meltdown and Spectre stem from similar issues, they do differ in some basic ways.
Meltdown
Image From: https://xkcd.com
- Steals data directly from kernel memory
- Affects Intel and some ARM processors, but not AMD ones.
- Dissolves separation between accessible programs and the computer's OS
- Steals data from active processes
- Affects Intel, ARM, and AMD processors.
- Allows for remote access and execution
- More difficult to exploit and fix