The Spectre of a Potential Security Meltdown
Spectre. Meltdown. These phrases sound like the titles of bad B-Movie action films. But they’re very much real. They’re the name of two massive CPU exploits that were uncovered over the past week (the first week of January 2018). Both are the biggest threats to processing hardware we’ve seen in a long time.
At their heart, both attacks take advantage of the fact that processors execute instructions speculatively. All modern processors perform speculative execution to a greater or lesser extent. They'll assume that, for example, a given condition will be true and execute instructions accordingly. If it later turns out that the condition was false, the speculatively executed instructions are discarded as if they had no effect.
The first exploit “Meltdown” uses speculative execution to leak kernel data to regular user programs. This is potentially very dangerous. Operating system memory has associated metadata that determines whether it can be accessed from user programs or is restricted to access from the kernel. Intel chips allow user programs to speculatively use kernel data, and the access check (to see if the kernel memory is accessible to a user program) happens some time after the instruction starts executing. With careful timing, this can be used to infer the values stored in kernel memory. That means a hacker can see what’s in the memory just by exploiting the natural processes of the CPU.
Spectre on the other hand, is a more general attack, based on a wider range of speculative execution features. It uses array bounds checks and branches instructions to leak information, with proof-of-concept attacks being successful on AMD, ARM, and Intel systems. Spectre attacks can be used both to leak information from the kernel to user programs, but also from virtualization hypervisors to guest systems.
Moreover, Spectre doesn't offer any straightforward solution. Speculation is essential to high-performance processors, and while there may be limited ways to block certain kinds of speculative execution, general techniques that will defend against any information leakage due to speculative execution aren't known.
The most vulnerable users are probably cloud service providers; Meltdown and Spectre can both in principle be used to further attacks against hypervisors, making it easier for malicious users to break out of their virtual machines.
Therefore, it is vital that you ensure your web browsers, server software and operating systems are fully up to date, especially if you’re using cloud services. Software patches should be issued imminently and its very important that you install them ASAP to prevent potentially catastrophic damage from occurring.