Sunday, 14 January 2018

Technology: Two huge bugs that affect practically every computer and smart device discovered - UPDATED

Meltdown and Spectre logos
Security researchers released official documentation of 2 major flaws found in nearly all central processing units, CPUs. These are the brains found in every computer or smart device like mobile phone, tablet, smart home device, etc.

They are codenamed MELTDOWN and SPECTRE.

Meltdown
This affects Intel processors. All Apple Macs and iOS devices are affected by both flaws. Intel CPUs found in Windows OS computers are also affected.

Spectre
This affects Intel, AMD and ARM processors. But AMD has issued a statement that its CPUs are near zero risk, but still vulnerable to variant 1, which is a Spectre exploit.


Fixes have already started to patch these flaws. You can find some of the patches as follows:

1) Microsoft and surface devices
Microsoft has rolled out an emergency patch for the widely reported CPU vulnerability.

2) Windows 10 software patch
KB4056892 (OS Build 16299.192) will be downloaded and installed automatically by Windows Update on Windows 10 machines (standalone package here).

3) Intel-SA-00086 detection tool - this program will check your hardware system if it is vulnerable to Meltdown.

4) Hardware patch for SA-00086 Meltdown (for system builders)

5) Nvidia Patches Drivers Against Meltdown And Spectre
Please download Nvidia graphics patches for
1) Consumers
2) Enterprise customers
3) DGX-1 or DGX Station

6) After initially claiming a “near-zero risk of exploitation” for the second variant of Spectre, AMD admitted that its CPUs are vulnerable to both Spectre variants. However, its CPUs remain unaffected by Meltdown, which only impacts Intel’s CPUs. AMD also started issuing patches for Spectre.

AMD will make microcode updates optional for Ryzen and EPYC customers starting this week. Previous generation CPUs will receive the updates over the coming weeks. The updates will not come directly from AMD, but from system and OS providers, so users will need to check if they’ve received the updates from them.

7) Intel's Spectre BIOS Fix Causes Crashes On Broadwell, Haswell Systems

Intel has issued a statement confirming that BIOS patches for the Spectre vulnerability are causing crashes on Broadwell (Core i3/5/7 5000 series on for mobile) and Haswell (Core i3/5/7 4000 series for desktop and mobile) systems.

Intel does not recommend you ignore the BIOS updates from your system OEM, but you might want to wait for this to unfold if you are using one of the affected CPUs. The BIOS fixes are used in conjunction with software fixes to mitigate Spectre Variant 2. If you have auto-updating turned on in your OS, then most likely you have already received the software side of the fix.

Ref:
1) Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, And Nvidia
2) Google details Meltdown and Spectre flaws that could affect Intel, AMD, and ARM chips
3) Update your software today. Seriously.
4) Meltdown, Spectre Can Be Exploited Through Your Browser