This week, news of massive security vulnerabilities afflicting every modern model of Intel processor went public, even as developers for practically every major platform frantically rushed to roll out fixes. Much more information has now become available about Meltdown and Spectre, a group of attack methods malicious parties could use to break into some of the most sensitive inner workings of any device using the affected CPUs.

Here’s what we know so far.

What’s the problem?

In 2017, Google’s Project Zero team in collaboration with researchers at a number of different universities identified an absolutely massive problem with speculative execution, one of the techniques employed in modern microprocessors as a way of improving performance. 

Essentially, when a processor uses speculative execution, instead of performing tasks strictly sequentially, it predicts which calculations it might need to do subsequently. It then solves them in advance and in parallel fashion. The result is that the CPU wastes some cycles performing unnecessary calculations, but performs chains of commands much faster than if it waited to process them one after the other.

However, there’s a serious flaw in the way modern processors are hardcoded to use speculative execution—they don’t check permissions correctly and leak information about speculative commands that don’t end up being run. Whoops.

See Full Article here