The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices.
Currently, vendors are focused on three main mitigation efforts. Patches that address the Meltdown flaws are KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed). On Thursday, Google unveiled a Retpoline coding technique for mitigating against Spectre attacks.
Intel said last week that it is “rapidly issuing updates for all types of Intel-based computer systems” that include software patches and firmware updates that will “immunize” more than 90 percent of processors introduced in the past five years. By the end of this week those ambitious patching efforts will be complete, Intel said.
Security experts say two vectors that exploit Spectre will be particularly challenging to “immunize.”
Currently known methods for exploiting Meltdown and Spectre are identified as variants “bounds check bypass” (CVE-2017-5753/Spectre/variant 1), “branch target injection” (CVE-2017-5715/Spectre/variant 2) and “rogue data cache load” (CVE-2017-5754/Meltdown/variant 3).
“Meltdown is a well-defined vulnerability where a user-mode program can access privileged kernel-mode memory. This makes patching Meltdown much easier than Spectre by ensuring kernel memory is unmapped from a user-mode, which is what we see in the form of kernel page-table isolation (KPTI),” said Jeff Tang, senior security researcher at Cylance.
Spectre is much more difficult to attack to carry out because it breaks the isolation between different applications, researchers say. But at the same time, it will also be harder to patch.
Ben Carr, VP of strategy at Cyberbit, said there is not a single patch that can be applied for Spectre and mitigation efforts will require ongoing efforts. He said Spectre attacks do not rely on a specific feature of a single