The Meltdown and Spectre CPU flaws that the Google Project Zero team discovered are arguably the worst we have ever known. These vulnerabilities were built into BILLIONS of CPUs that we have been using for the last decade or so.

Not just Intel CPUs, but also CPUs made by AMD, Apple and ARM. Even those that power our smartphones and other smart devices!

Let’s take a look at what we know so far about Meltdown and Spectre, how they affect you, and what we can do about them.

This story is still developing. We will update the article as and when new details emerge. Be sure to check back and refresh the page for the latest information!

 

Article Update History

 

The Meltdown + Spectre Vulnerabilities

• The Project Zero team identified these vulnerabilities in 2017, reporting it to Intel, AMD and ARM on 1 June 2017.
• These vulnerabilities take advantage of the Speculative Execution and Branch Prediction features of the modern processor, that have been used for many years to improve performance.
• Speculative Execution lets the CPU predict and pre-execute the next instruction, allowing it to “instantly” deliver the results if it’s correct.
• Branch Prediction helps the CPU predict future execution paths that should be speculatively-executed for better performance.
• There are THREE (3) variants of the speculative execution CPU bug :
  • Variant 1 : Bounds Check Bypass (CVE-2017-5753)
  • Variant 2 : Branch Target Injection (CVE-2017-5715)
  • Variant 3 : Rogue Data Cache Load (CVE-2017-5754)
• The Spectre attack (whitepaper) exploits variants 1 and 2.
• The Meltdown attack (whitepaper) exploits variant 3.
• There is a Variant 3a, which appears to affect only certain ARM processors.

 

What’s The Difference Between Meltdown & Spectre?

• Spectre tricks the CPU branch predictor into mis-predicting the wrong path, thereby speculatively executing code that would not otherwise be executed.
• Meltdown takes advantage of the out-of-order execution capability of modern processors, tricking them into executing malicious code that would normally not be allowed.
• The Spectre name is based on both the root cause – speculative execution, and the fact that it is not easy to fix, and will haunt us for a long time like a spectre (ghost).
• The Meltdown name was chosen because the vulnerability “basically melts security boundaries which are normally enforced by the hardware“.

 

How Bad Are Meltdown & Spectre?

• The Spectre exploits let an attacker access and copy information from the memory space used by other applications.
• The Meltdown exploit lets an attacker copy the entire physical memory of the computer.
• Unless patched, the affected processors are vulnerable to malware and cyberattacks that exploits this CPU bug to steal critical information from running apps (like login and credit card information, emails, photos, documents, etc.)
• While the Meltdown exploit can be “fixed”, it is likely that the Spectre exploit cannot be fixed, only mitigated, without a redesign of the processors. That means we will have to live with the risks of a Spectre attack for many more years to come.

 

How Many Processors Are Affected? Updated!

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

Company	Spectre 1	Spectre 2	Meltdown
AMD	295 Server CPUs 42 Workstation CPUs 396 Desktop CPUs 208 Mobile CPUs	295 Server CPUs 42 Workstation CPUs 396 Desktop CPUs 208 Mobile CPUs	None
Apple	13 Mobile SoCs	13 Mobile SoCs	13 Mobile SoCs
ARM	10 Mobile CPUs 3 Server SoCs	10 Mobile CPUs 3 Server SoCs	4 Mobile CPUs 3 Server SoCs
IBM	10 POWER CPUs	10 POWER CPUs	10 POWER CPUs
Intel	732 Server / Workstation CPUs 443 Desktop CPUs 583 Mobile CPUs 51 Mobile SoCs	732 Server / Workstation CPUs 443 Desktop CPUs 583 Mobile CPUs 51 Mobile SoCs	732 Server / Workstation CPUs 443 Desktop CPUs 583 Mobile CPUs 51 Mobile SoCs
Total	2786 CPUs	2786 CPUs	1839 CPUs

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

 

Intel Detection Tool?

The Intel-SA-00086 Detection Tool does NOT detect the processor’s susceptibility to these vulnerabilities. It only checks for different vulnerabilities affecting the Intel Management Engine.

 

InSpectre

Our reader Arthur shared that the Gibson Research Corporation has an aptly-named utility called InSpectre.

It checks for Meltdown and Spectre hardware and software vulnerabilities in a Windows system. It will help you check if your system is getting patched properly against these vulnerabilities.

 

What Is Being Done??? Updated!

Note : The terms “mitigate” and “mitigation” mean the possibility of a successfully attacked are reduced, not eliminated.

• Intel has started issuing software and firmware updates for the processors introduced in the last 5 years. By the middle of January 2018, Intel expects to have issued updates for more than 90% of those CPUs. However, that does not address the other Intel processors sold between 2010 and 2012.
• Microsoft and Linux have started to roll our the KPTI (Kernel Page Table Isolation) patch, also known as the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) patch.
• The KPTI or KAISER patch, however, will only protect against the Meltdown exploit. It has no effect on a Spectre attack.
• Microsoft Edge and Internet Explorer 11 received the KB4056890 security update on 3 January 2018, to prevent a Meltdown attack.
• Firefox 57 includes changes to mitigate against both attacks.
• Google Chrome 64 will be released on 23 January 2018, with mitigations against Meltdown and Spectre attacks.
• For Mac systems, Apple introduced mitigations against Spectre in macOS 10.13.2 (released on 8 January 2018), with more fixes coming in macOS 10.13.3.
• For iOS devices, Apple introduced mitigations against Meltdown in iOS 11.2 and tvOS 11.2.
• On 8 January 2018, Apple released iOS 11.2.2, which mitigates the risk of the two Spectre exploits in Safari and WebKit, for iPhone 5s, iPad Air, and iPod touch 6th generation or later.
• ARM has made available the KPTI / KAISER kernel patches for Linux, while Google will provide them for Android.
• Google patched Android against both exploits with the December 2017 and January 2018 patches.
• Google shared details of their Return Rrampoline (Retpoline) binary modification technique that can be used to protect against Spectre attacks. It is a software construct that ensures that any associated speculative execution will “bounce” (as if on a trampoline) endlessly.
• NVIDIA issued six driver and security updates for affected devices and software between 3-9 January 2018.
• On 11 January 2018, AMD announced that the “majority of AMD systems” have received the mitigation patches against Spectre 1, albeit some older AMD systems got bricked by bad patches. They also announced that they will make “optional” microcode updates available for Ryzen and EPYC processors by the same week.
• In the same 11 January 2018 disclosure, AMD also shared that Linux vendors have started to roll out OS patches for both Spectre exploits, and they’re working on the “return trampoline (Retpoline)” software mitigations as well.[adrotate group=”2″]
• On 23 January 2018, Apple released Meltdown patches for macOS Sierra and OS X El Capitan, but not macOS High Sierra.
• On 23 January 2018, Microsoft finally revealed their Spectre and Meltdown patch schedule.
• On 24 January 2018, AMD revealed their 11 software mitigations for both Spectre exploits.
• The 24 January 2018 AMD whitepaper also revealed that the AMD K10 and K8 processors are vulnerable as well, adding an additional 663 CPU models to the list of vulnerable processors.
• On 2 February 2018, Microsoft released KB4078130 to disable the Spectre 2 patches that were causing many Intel systems to randomly and spontaneously reboot.
• On 8 February 2018, an Intel microcode update schedule revealed that their Penryn-based processors are also vulnerable, adding an additional 314 CPU models to the list of vulnerable processors.
• On 14 February 2018, Intel revealed an expanded Bug Bounty Program, offering up to $250,000 in bounty awards.

 

Some AMD PCs Got Bricked

In the rush to mitigate against Meltdown and Spectre, Microsoft released Windows 10 patches that bricked some AMD PCs. They blamed the incorrect / incomplete documentation provided by AMD.

You can read more about this issue @ These Windows 10 Updates Are Bricking AMD PCs!

 

Buggy Intel Spectre 2 Patches Updated!

Intel’s rush to patch Meltdown and Spectre resulted in buggy microcode patches, causing several generations of their CPUs to randomly and spontaneously reboot.

So far, over 800 Intel CPU models have been identified to be affected by these spontaneous reboot issues. If you have one of the affected CPUs, please hold off BIOS / firmware updates!

Intel has identified the cause as the Spectre 2 patches in their microcode updates for some of these processors. They’re still investigating the cause of the other affected CPU models.

Fortunately for Windows users, Microsoft issued the KB4078130 emergency update to stop the reboots while Intel worked to fix the issue.

You can read more about this issue @ The Intel Spectre Reboot Issue, and the Microsoft solution @ KB4078130 : Emergency Windows Update To Disable Intel Spectre Patches!

 

What Should You Do? Updated!

First and foremost – DO NOT PANIC. There is no known threat or attack using these exploits.

Although we listed a number of important patches below, the buggy updates are worse than the potential threat they try to fix. So we advise HOLDING OFF these patches, and wait for properly-tested versions a few weeks down the line.

• If you are using Windows, make sure you install the latest Microsoft Spectre and Meltdown updates.
• If you are using a Mac system, get the latest Apple Spectre and Meltdown patches.
• If you are using an iOS device, get updated to iOS 11.2 or tvOS 11.2.
• If you are using Firefox, update to the latest Firefox 57.
• If you are using Google Chrome, make sure you watch out for Chrome 64, which will be released on 23 January.
• Download and install the latest software firmware updates from your PC, laptop, motherboard brands. In particular, install the latest driver for the Intel Management Engine (Intel ME), the Intel Trusted Execution Engine (Intel TXE), and the Intel Server Platform Services (SPS)
• If you are running an ARM processor on Linux, grab the kernel patches.
• IBM POWER system users can download and install these firmware updates.
• Users of affected NVIDIA systems can download and install these driver and firmware updates.
• If you are using an Intel system, hold off updating your firmware, unless you have already verified that your CPU is not affected by the buggy Intel patches, or Intel has already issued corrected patches.

 

The Performance Impact Of The Mitigation Patches

Many benchmarks have been released, showing performance impacts of between 5% to 30%, depending on the type of benchmark and workload. Microsoft has called those benchmark results into question, stating that they did not cover both operating system and silicon microcode patches.

They released an initial report on their findings, which we have summarised in our article – Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix.

 

Meltdown + Spectre Reading Suggestions

[adrotate group=”2″]

• Everything On The Meltdown + Spectre CPU Flaws!
• The Complete List Of CPUs Vulnerable To Meltdown / Spectre
• The Microsoft Spectre + Meltdown Patch Schedule
• The Intel Spectre Reboot Issue – Everything You Need To Know!
• Intel Penryn CPUs Also Vulnerable To Meltdown + Spectre
• The Complete AMD Spectre Mitigation Strategy Guide
• The Apple Spectre + Meltdown Patches Detailed
• These Windows 10 Updates Are Bricking AMD PCs!
• Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix
• Yes, AMD CPUs Are Also Vulnerable To Spectre 2 Exploit
• AMD K10 And K8 Processors Also Vulnerable To Spectre
• KB3078130 : Emergency Windows Update To Disable Intel Spectre Patches!

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!