Spectre and Meltdown are being called “inherent design flaws” by some, although this is not politically correct. These exploits take advantage of critical vulnerabilities in modern processors. While the image we have used for this article says “virus,” these two exploits are not viruses. There is certainly a difference between a virus and an exploit, and the way that Spectre or Meltdown access information is recognized as an exploit.
It’s important to understand that it’s not just Intel processors that are experiencing this problem – AMD processors are experiencing it too, as are ARM. Any CPU in the last 20 years is vulnerable, and there’s no way to tell if you’ve been hit with it as there is no log files generated.
The challenge lies in the way that these two exploits work. Typically, a system protects data that should not be transmitted or shared from one application to another. This is called “protected data.” How the exploits work is, they take advantage of caching on your system. Caching is where the system uses predictive analysis to determine what may come next, so that it can get those instruction sets ready ahead of time. This speeds up the processing time on your system.
Meltdown and Spectre take advantage of caching and predictive analysis. The premise is to gleam data from the caching process and then export that data. Typically, this data would be protected under “protected memory,” but hackers have found a way to access that cached memory. In this way, they can obtain data from the computer that normally should be encrypted or protected.
Initially, Intel said that only older systems could or would be affected by these identified vulnerabilities. However, Intel has now recently confessed that any systems manufactured in the last 20 years could be vulnerable.
A patch was recently released to combat the Spectre exploit, but this patch has caused systems to get stuck in a “reboot loop,” rebooting endlessly. Microsoft has now “disabled” the fix – they have released a patch for Windows 7, 8.1 and Windows 10 which disables the fix for Spectre variant 2. Microsoft is stating that the new patch should stop computers from rebooting and not being able to load the OS.
Intel has taken heat over these exploits, not because they are being blamed as “building chips with design flaws” but because of the way they have handled the problem from the beginning. The finger is also being pointed at Intel for alerting companies in China such as Lenovo and Alibaba, before notifying the government in the U.S.
Many also believe Intel has downplayed this problem from the beginning, and should had been more honest with their customer base about how wide spread this exploit is at this time.