Today, we're learning more about what exactly is going on, and that there are not one, but actually two vulnerabilities that have been disclosed. It's bad enough that one of them targets Intel processors, but the second affects ALL modern processors as well -- including those based on architectures from Intel, AMD and ARM. So, we present to you Meltdown and Spectre.
Meltdown is the vulnerability that we have all been talking about for the past 48 hours, and it specifically targets Intel processors. The researchers that discovered both exploits describe Meltdown as a breakdown in the "most fundamental isolation between user applications and the operating system." In essence, it allows a program to access memory (which it otherwise shouldn't have privilege to access), giving it the opportunity to spy on data associated with other programs and the operating system itself.
A draft report on Meltdown is available here [PDF] and offers a detailed background and investigation into the attack. The paper also goes on to confirm that Meltdown is limited to Intel processors. Specifically, it makes this assertion:
We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able to leak data.
According to the researchers, every Intel processor made since 1995 (specifically, those that implement out-of-order execution) is affected. Thankfully, there are patches available for Windows, macOS and Linux which essentially put in place stronger protections around the kernel through “kernel page table isolation.” While this resolves the issue, there's the performance hit to consider, which can come in anywhere from 5 to 30 percent, according to early reports, though Intel claims the average user won't see much of a variance.
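As an added, defender-side example (not code from the article or the researchers): a Python script that reads the per-issue mitigation status a patched Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ and cross-checks that kernel page table isolation is active via the `pti` flag in /proc/cpuinfo. It assumes Linux 4.15 or later (which introduced that sysfs interface); the embedded sample data is constructed.

```python
import os

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"  # sysfs, Linux 4.15+
WATCHED = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample: an Intel host with KPTI applied but no Spectre v2 fix yet.
SAMPLE_SYSFS = {"meltdown": "Mitigation: PTI\n",
                "spectre_v1": "Mitigation: __user pointer sanitization\n",
                "spectre_v2": "Vulnerable\n"}
SAMPLE_CPUINFO = ("flags\t\t: fpu vme sse2 pti ssbd\n"
                  "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n")

def parse_cpuinfo(text):
    """Return the CPU flag set and the kernel's 'bugs' set (first CPU only)."""
    flags, bugs = set(), set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and not flags:
            flags = set(value.split())
        elif key.strip() == "bugs" and not bugs:
            bugs = set(value.split())
    return flags, bugs

def assess(sysfs, cpuinfo_text):
    """Classify each issue from sysfs and cross-check KPTI via the 'pti' flag."""
    flags, bugs = parse_cpuinfo(cpuinfo_text)
    result = {}
    for name in WATCHED:
        status = sysfs.get(name, "").strip()
        if status.startswith("Mitigation:"):
            result[name] = "mitigated"
        elif status.startswith("Not affected"):
            result[name] = "not affected"
        elif status.startswith("Vulnerable"):
            result[name] = "vulnerable"
        else:  # file absent: kernel predates the sysfs interface
            result[name] = "unknown"
    result["kpti_flag"] = "pti" in flags   # patched kernels add this flag
    result["cpu_bugs"] = sorted(bugs)      # kernel's own list of affected bugs
    return result

def read_live():
    """Read the real files on this host; a missing file leaves its status unknown."""
    def cat(path):
        return open(path).read() if os.path.exists(path) else ""
    return {n: cat(os.path.join(VULN_DIR, n)) for n in WATCHED}, cat("/proc/cpuinfo")

if __name__ == "__main__":
    print(assess(*read_live()))
```

A status of "unknown" on a live host usually means the kernel is older than 4.15 and has not been patched at all.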
Spectre is definitely the nastier of the two exploits and affects all modern processors (Intel, AMD, ARM, etc.) and operating systems that we know of. Spectre in effect tricks "error-free" applications that follow "best practices" into providing access to arbitrary locations in their memory. Spectre, like Meltdown, breaks down the barriers between applications, but researchers indicate that "the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre."
In a blog posting, Google writes:
Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
Spectre is tougher to exploit than Meltdown, but its effects are more pervasive. It is also harder to completely defend against or patch Spectre, given that the attack vector involves architectural design choices in all modern processors that would be hard to "undo" now or in the future.
The researchers that uncovered Spectre write, "As it is not easy to fix, it will haunt us for quite some time."
Now that the cat is out of the bag, there are numerous resources to allow you to fully read up on both Meltdown and Spectre. There's an official landing page which gives an easy-to-read overview of Meltdown and Spectre, which you can access here.
Likewise, you can read detailed papers on Meltdown [PDF] and Spectre [PDF]. In addition, be sure to check out Google's blog detailing the exploits and its efforts to help mitigate attacks across its hardware and software platforms.