Vulnerability of most modern processors opens access to all passwords and personal data

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44

The problem affects almost all chips released since 1995.

Yesterday, Western media began to shake the news that virtually all Intel processors released over the past 20 years are subject to a serious vulnerability. Using it, attackers can gain access to all logins and passwords, cached files and any other personal data of users.

Which processors are at risk

Intel representatives officially confirmed the threat, noting that other manufacturers are also vulnerable. Researchers from Google Project Zero agree with this opinion. ARM said the Cortex-A processors used in smartphones may be at risk, but accurate risk assessment takes longer. AMD also acknowledged the danger of the situation, but at the same time declared about "almost zero risk" for their processors.

What attacks are possible

The vulnerability conditionally allows for two types of attacks, which are named Meltdown and Specter.

Meltdown mostly concerns only Intel chips and breaks the isolation between programs and the operating system kernel, due to which it is possible to access all the data stored by the OS.

Specter, on the other hand, allows local applications to access the contents of the virtual memory of other programs.

How to fix a vulnerability on a PC

It is quite possible to cope with Meltdown programmatically, that is, at the expense of the so-called patches that will prohibit applications from using the internal memory of the system. However, after such an update, the overall work of the computer can be slowed down by 5-30%.

Microsoft has already released a corresponding update for Windows 10, and on January 9, similar patches for other versions of Windows are expected to be released. Necessary updates for Linux are also coming out from the beginning of December. In macOS 10.13.2, released last month, part of the Meltdown vulnerability has already been closed, but the whole problem will probably only be solved with the next update.

Google is also actively working on fixing the problem, admitting that Chrome is also susceptible to the attack. Prior to the release of a browser update, users are encouraged to manually enable site isolation from each other.

What's with smartphones

As for mobile devices, there is also a risk of attacks, but on most gadgets the vulnerability is difficult to reproduce. And yet, the latest security patches from Google have already been released for the Nexus 5X, Nexus 6P, Pixel C, Pixel / XL and Pixel 2 / XL.

Other smartphone makers have received the patch as well. But at what speed it will be sent to gadgets is unknown.

When the vulnerability is completely fixed

If the Meltdown situation with software updates dies down, then the Specter is much more complicated. There are no ready-made software solutions at the moment. According to preliminary data, in order to completely protect against attacks of this type, it may be necessary to change the processor architecture itself. In other words, patches won't help here. The problem will be solved only in the next generation chips.

What users should do

The only sure way to solve the problem for PC and smartphone users is to promptly install all available updates for the operating system and software. Do not delay downloading available updates and do not forget to reboot your device after updating.