What are these Spectre and Meltdown flaws?
In short, both of these are vulnerabilities.
Very closely related vulnerabilities.
These basically affect almost every mainstream computer processor.
And enable the disclosure of a wide array of information.
Spectre and Meltdown affect Intel and a few of the ARM chips most severely.
But researchers only revealed this information to a handful of chip companies.
And they did so privately.
Researchers originally informed about these two huge security flaws to cloud computing providers and operating system developers as well.
Various media reports have now revealed that researchers had scheduled to make their private disclosure public next week.
Or around that time.
That would have helped companies to develop suitable mitigations, workarounds and of course patches.
Making these revelations privately would have also allowed cloud companies to deploy their own fixes in due time.
For clarity’s sake, researchers still don’t fully comprehend the Spectre and Meltdown security vulnerabilities.
They are still trying to figure out one of these flaws.
Media reports have revealed that they expect to have more information and understanding about the flaw before they reveal these security vulnerabilities to the public as scheduled.
Concerned parties have actually and abruptly brought forward the schedule.
And since Spectre and Meltdown represent very severe security vulnerabilities, researchers decided to publicly disclose some information about both vulnerabilities on Wednesday.
The partial disclosure seemed to not have gone down well with some of the companies.
In other words, the disclosures about both vulnerabilities prompted the involved companies to come up with a disorderly set of official responses.
The Spectre and Meltdown security vulnerabilities have affected three main groups of big companies.
And naturally, they are the ones who have to come out with their official statements.
These companies are basically all the major operating system companies, processor companies and cloud providers.
Needless to say, these companies have come up with very varied reactions to the Spectre and Meltdown vulnerabilities.
What Spectre And Meltdown Vulnerabilities Do
Let’s step back a bit and recap what both of these security vulnerabilities do.
Modern processors are different from old processors.
Kind of obvious isn’t it?
But how are they different.
They are different in the sense that modern processors regularly perform a lot of speculative execution.
Why do modern processors do this?
They do it to maximize performance.
To put it another way, modern processors basically execute instructions not only when there is a need for it but also before they have ascertained if those instructions are needed for execution.
To take an example, modern processors do have the capability to guess the probably way a branch will be accessed or taken.
Then they can execute all the instructions based on their guess.
Now, you might as well be thinking, how do modern processors know which branch would be taken?
Well, the answer is that they don’t.
That’s why they guess.
Kind of obvious.
In other words, there is a fifty-fifty chance that their guess would come out as the correct option.
If these modern processors guess correctly, then that’s great.
Well, because then the processors would automatically get some real work done while it didn’t have to wait to monitor and see if the guessed branch as accessed/taken or not.
What happens if the guess doesn’t come out as right?
No big deal according to most experts.
If their guess turns out to be wrong, modern processors can simply discard their results.
And then these modern processors resume executing the instructions which are on the correct side of the taken branch.
Does this speculative execution alter any program behavior?
But it also doesn’t mean that this type of execution doesn’t come with its own set of drawbacks.
And that is exactly what vulnerabilities such as Meltdown and Spectre have shown.
Research on Meltdown and Spectre has clearly demonstrated that speculative execution can and does perturb the modern processor’s state.
And it does so in very detectable ways.
Researchers can detect these perturbations via careful measurements.
What sort of measurements?
Well, measurements like how long does it take the modern processor to perform certain kind of operations.
Researchers can use these timing measurements to detect certain possibilities.
Possibilities such as one process to actually infer properties of certain kind of data which may belong to another given process.
The related data can also belong to a virtual machine hypervisor or even the given operating system’s kernel.
Hackers and other cybercriminals can use this kind of information leakage to their advantage.
Hackers can also use similar techniques in tandem with some of the other security flaws in order to increase the impact of their attacks.
Information leakage is not a small problem.
It is huge.
And potentially destructive.
Information leakage has this tendency to undermine other protections like Address Space Layout Randomization or ASLR.
Security flaws such as Meltdown and Spectre may enable hackers to effectively exploit buffer overflows.
The Meltdown vulnerability, in particular, is applicable to virtually each and every chip that Intel has brought into the market for the past many years.
The Meltdown exploit also affects certain types of high-performance ARM designs.
According to researchers, hackers would find exploiting the Meltdown vulnerability much easier.
Then hackers can use the Meltdown vulnerability to enable any given user program to go ahead and read large tracts of important kernel data.
There is some good news though.
As it turns out, researchers have found that even though hackers may have an easier time exploiting targets via the Meltdown vulnerability, this vulnerability is also slightly easier to robustly guard against.
At least it appears to be that way right now.
The Meltdown flaw actually depends on a method which all operating systems use to share memory bandwidth with the kernel and the many user programs.
And that is where researchers have found the solution.
The solution is to somehow put an end to all types of sharing which can give rise to the Meltdown vulnerability.
Researchers have warned though that any solution would actually carry a certain amount of performance penalty.
Now let’s come to the part about Spectre.
The Spectre vulnerability affect chips from companies such as,
That is what most media reports can confirm.
But in all honesty, this Spectre vulnerability probably affects every single processor that one can buy from the market which offers features such as speculative execution.
The Spectre vulnerability is more subtle than the Meltdown vulnerability.
To put it in simpler terms, the Spectre vulnerability encompasses a kind of a trick testing array bounds.
It uses that to read memory that is present within a given single process.
Hackers can then use this scenario to carry out attacks.
And compromise the integrity of sandboxes along with virtual machines.
Hackers can also launch cross-process cyber attacks which make use of the modern processor’s features such as branch predictors.
This is actually the hardware which carries out the process of guessing which side of a given branch has been taken.
A processor’s branch predictor also controls the core’s speculative execution.
Security researchers seem to have developed systemic fixes for at least some aspects of this vulnerability (that is the Spectre vulnerability).
Of course, that isn’t enough.
Users need to have complete security from all sorts of vulnerabilities.
Partial protection isn’t going to do the job here.
That that is the problem.
If researchers want to protect against the complete range of vulnerability fixes then they will require the modification of all at-risk programs.
Researchers can also recompile at-risk programs instead of modifying them.
Intel Official Response
As mentioned before, the Meltdown and Spectre vulnerabilities affect Intel the most.
And these problems will continue to affect the company in the most significant ways if it doesn’t develop a fix quickly enough.
Now, just because Meltdown and Spectre have hit Intel the hardest doesn’t mean other companies are safe.
As mentioned before, the Spectre vulnerability is a vulnerability that can hit everybody.
That isn’t the case with Meltdown.
The Meltdown vulnerability only hits processors that ARM and Intel ship to the markets.
Additionally, the Meltdown vulnerability can only hit the highest performing ARM processor designs.
What about Intel then?
Well, according to researchers the Meltdown vulnerability is applicable to virtually all the chips that the company has shipped to the market in the last five years.
Some experts put the number of years to 10.
That is, every processor that Intel has shipped in the last 10 years, will have the Meltdown vulnerability.
Some believe that it is possible that the Meltdown vulnerability may effect processors which are up to 20 years old.
Let’s talk about the response that the company has come up with till now.
Intel did come out with an initial statement.
The company produced it last Wednesday and most of the security community considered the response as an absolute masterpiece of pure obfuscation.
The official Intel statement contained a lot of statements.
And most of these statements were technically true.
To take an example, the company wrote that the Meltdown and Spectre exploits did not have the potential to actually modify, corrupt or delete any data.
That is true.
But this statement is utterly beside the main point.
So far, nobody has claimed anything otherwise.
Moreover, the official Intel statement doesn’t seem to distinguish between the two vulnerabilities, Meltdown and Spectre.
As mentioned before, the Meltdown vulnerability is a security flaw which Intel’s closest competitor, that is, AMD has fortunately dodged (for now).
Whereas Spectre has hit all players.
The official Intel statement basically fails to reasonably demonstrate this unequal impact of the vulnerabilities on several different companies.
And their products of course.
To the company’s credit, Intel’s follow-up material gave a better impression.
This is where the company’s whitepaper came into play particularly.
The White Paper did manage to describe the related mitigation techniques.
It also talked about how the company would protect future processors via some changes.
Intel said that it would introduce new features which would act against vulnerabilities such as Spectre.
Now that is a response which is more accurate and perhaps even sensible.
To solve the array bounds problems related to Spectre, Intel has recommended developers to insert a serializing instruction in the code that is present between accessing the array and testing array bounds.
Intel has chosen lfence for this purpose, though there are many other options available.
It is correct that serializing instructions do prevent speculation.
In other words, the processor must complete every instruction which appears before the serializing instruction AFTER the new feature, serializing instruction, can actually go ahead and begin the execution process.
What does that really mean?
In the current case, it means the processor must definitively calculate the test of the related array bounds before the given array is ever accessed.
The new feature will ban previous methods such as speculative access to the given array which assumes that the related tests actually succeed without calculating them first.
That still leaves some things unclear.
For example, security experts still aren’t exactly clear about where should the company add these serializing instructions.
The company said that developers can work to develop heuristics in order to figure out the absolute best places in any given program to include the new serializing instruction feature.
But the company has also warned that the serializing instruction feature should not be used with each and every array bounds test.
Many media reports have revealed that the loss of features such as speculative execution will definitely impose high penalties on performance.
Some have imagined that perhaps the best way is that the process should serialize all array bounds that come directly from the user data.
And the processor should leave others unaltered.
This is, as one can probably imagine, difficult.
But Spectre is a complex vulnerability.
And the above-mentioned problem underscores that.
So what is Intel going to do to take care of Spectre branch prediction cyber attack?
Well, according to the company’s statement, the company is going to add some new capabilities to all of its coming processors in order to modify the behavior of features such as branch prediction.
The more interesting thing is that some current processors which some customers have already installed in their systems will get to have the new capabilities retrofitted.
How will Intel do that?
The company will achieve that with the help of a microcode update.
As mentioned just now, all future generation Intel processing will ship with the new capabilities to guard against the Spectre vulnerability.
Intel has also promised its users that the new capabilities will have the lowest amount of performance impact on the company’s processors.
Overall, Intel will introduce three new capabilities in its new line of processors.
One capability will allow the company’s processors to restrict specific types of branch prediction.
Another feature will help the processor to prevent a given HyperThread from negatively influencing another HyperThread’s branch predictor if they are on the same core.
The third capability will enable Intel’s processors to act as a branch prediction barrier.
This barrier will help the processor to protect branches after the barrier from branches which come before the barrier via various prevention techniques.
Of course, it is another fact that operating systems will also have to chip in.
In other words, operating systems will also have to support these new capabilities and restrictions.
These features will not cater to individual applications.
Media reports have also revealed that some customer systems already have managed to get the microcode update.
What about the rest then?
Well, they will have to wait.
Wait, for their system vendors to put their resources together and come up with a solution.