The page lists all affected Intel processors, recommendations, and other information. Intel made the decision to bundle the two updates to "streamline the process for our industry partners and customers".Īdditional information about affected products is available on the Q2 2018 Speculative Execution Side Channel Update page on Intel's Security Center website. The same update includes microcode that protects against Spectre Variant 3a. System performance may drop by 2% to 8% in benchmarks if the mitigation is enabled according to Intel. The updates won't affect performance of systems they are installed on in off-state. The company plans to release the update in an off-state by default giving customers the option to enable it, or not. OEM manufacturers received beta versions of the microcode update already and Intel announced that it plans to release the final versions in the coming weeks. In other words, microcode and software updates. Still, Intel and the company's software partners, offer "additional mitigation for Variant 4". Intel is not ware of exploits in the wild and believes that mitigations deployed by browser developers to protect or mitigate against previous Spectre variants help mitigate Spectre Variant 4 attacks as well. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. The web browser is the most likely attack vector for Variant 4 as the researchers demonstrated the vulnerability in a language-based runtime environment. The new vulnerability affects processors by Intel, AMD and ARM and uses speculative execution just like other Spectre variants disclosed earlier this year. Intel published information on the company's Newsroom website about Spectre Variant 4. He found Intel attempting to make the security patches optional, as well as OS-based so that they don't have to completely overhaul their CPU design (which is the only option for real security-I'll explain why in a moment).Īn alternative would be issuing two patches where one enables the security patches and a second one that implements the fixes to the kernel.Hot on the heels of the news of newly discovered Spectre Next Generation vulnerabilities comes news of a new threat that Microsoft and Google disclosed recently.ĪMD published a whitepaper which you may access here. You can read the rest of his tirade here. In fact, Torvalds went as far as to declare the Intel patches as "COMPLETE AND UTTER GARBAGE." Linus Torvalds, the creator and principal developer of the Linux kernel, remains highly critical of the entire Spectre/Meltdown patch process. Oh, and Apple similarly retracted claims regarding protections for older machines, releasing a plethora of patches for High Sierra, Sierra, and El Capitan. Then at the end of January, Microsoft also announced that the Spectre and Meltdown patches for Windows 10 were compromising performance and causing random fatal errors, confirming that their security fixes were buggy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |