If your computer is one of those which has an Intel CPUs released in recent years (it probably does) then there’s some big news on the security front.
As The Register reports, a newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.
Precise details of the security vulnerability – which is known variously as KPTI (Kernel Page Table Isolation), KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) and even F*CKWIT (Forcefully Unmap Complete Kernel With Interrupt Trampolines) – have not been made public, and with good reason.
The very real fear is that attackers could exploit the flaw on vulnerable systems to gain access to parts of the computer’s memory which may be storing sensitive information. Think passwords, private keys, credit card data…
Intel isn’t able to push out a firmware update to its chip. That means operating systems like Microsoft Windows, Linux, and Apple macOS, which relied upon Intel’s hardware to provide some of these essential security services, will have to push out their own low-level updates to do the job that they were previously relying upon Intel to do.
Meanwhile cloud services like Amazon EC2, Microsoft Azure, and Google Compute Engine are are also likely to be at risk and will need to be updated.
The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months, and major vendors have been working feverishly on fixes. You can expect the likes of Microsoft and Apple to start rolling out security updates as matter of priority before the flaw is maliciously exploited.
The bad news is that no-one likes to make such low level security updates, particularly under such time-sensitive conditions. Inevitably some businesses will find themselves disrupted by the process.
And going forward, the fact that the operating system has to do more because Intel chips have dropped the ball, may mean that some computer operations take a performance hit.
And few of us are rarely happy with our computers slowing down…
Update: Spectre? Meltdown? F*ckwit? Calm down and make yourself some tea
For more discussion on this topic, be sure to listen to this episode of the Smashing Security podcast:
Smashing Security #060: 'Meltdown, Spectre, and personal devices in the White House'
Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...
If the OS must be patched to cover for Intel chip flaws, presumably those with AMD chips will also suffer the slowdown, even though their chip doesn't suffer from the flaw, or can the patched OS discriminate?
I believe the fix for Linux detects if it is a AMD and doesn't make the change. I hope the same is true for Microsoft and Apple but don't know.
From what I heard, it will patch AMD machines. You have to block it manually I think.
No news on the Windows patch. I'm worried it will be put into the rollup. I'll be upset if it is. Microsoft will want to carpet bomb with this so I have a feeling it's going to be a pain.
A mate from Sweden shared this with me many hours ago. Yes I fear it will take a performance hit. It'll also hit pockets too. Although this box which I built in 2014 (Intel i7 4790k, fourth gen) will probably be okay the other two computers in the house are quite a bit older – 2008 and 2009. Those will have to be upgraded.
But of course Intel first has to introduce new CPUs to fix it (and their CPUs are expensive – you do get what you pay for however). And of course we have to consider new motherboards (different chipset etc.) and RAM and so on. Not nice. Unimpressed to say the least. Yet as a programmer I realise that we all make mistakes and I certainly won't blame them or criticise them. But it's still very frustrating.
Intel's performance is higher than AMD but the question is will systems not upgraded be higher performance? But there's another issue: will Intel's reputation be tainted? Quite possibly. This raises the question of whether or not this is what AMD has been needing for aeons. Time will tell, as it tells everything…
I think you are wrong. My understanding is that it is later CPUs…maybe your 2014 one…and not earlier ones such as 2008/9.
Anyone confirm ?
Whether or not it's vulnerable isn't really relevant: it'll come with the kernel updates (I should say: came with as I updated more than 11 days ago now). And I didn't have any performance hit on any system, which wasn't what I was expecting at all but was very thankful for.
In the end it's not a matter of what hardware is vulnerable; what matters is the actual software that works around the flaw because everyone getting updates will get that.
Yahoo article is now saying that there are two issues, one affecting intel chips only and another affecting all CPUs, Intel, AMD, and ARM.
https://www.yahoo.com/news/design-flaw-found-intel-chips-fix-causes-them-152935477–finance.html