Intel, Amazon, Microsoft and others are playing down concerns over the impact of the massive Spectre and Meltdown vulnerabilities affecting computers, servers and mobile devices worldwide.
The two flaws, Spectre and Meltdown, are far reaching and impact a wide range of microprocessors used in the past decade in computers and mobile devices including those running Android, Chrome, iOS, Linux, macOS and Windows. While Meltdown only affects Intel processors, Spectre affects chips from Intel, AMD, ARM and others.
Currently known vectors for exploiting the flaws are identified as “bounds check bypass” (CVE-2017-5753/Spectre), “branch target injection” (CVE-2017-5715/Spectre) and “rogue data cache load” (CVE-2017-5754/Meltdown), according to researchers at Google Project Zero.
Here is how companies are responding to revelations of the flaws, also referred to as “speculative execution side-channel attack” vulnerabilities.
As for Intel, all Intel processors released since 1995 are impacted by Meltdown, according to researchers. The company said Wednesday that OEMs will release relevant Intel firmware updates to address the issue. “Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available,” the company said in a statement.
Microsoft said it was offering an out-of-band update for Windows, ahead of next week’s Patch Tuesday security update. “Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services,” the company said in a statement to its Security TechCenter.
Linux security patches, protecting against Spectre and Meltdown exploits, were pushed out last week. Thomas Gleixner, a Linux kernel developer, posted last month to the Linux Kernel Mailing List information about isolation patches called KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed).
Mobile chip designer ARM said most processors designed by the company are not affected by Spectre. Those chips that are include: Cortex-A75, Cortex-A73, Cortex-A72, Cortex-A57-, Cortex-A17,