Tech companies are trying to fix a problem with CPUs that can be exploited to leak data from computers.
The Google Project Zero team discovered a serious problem with Intel, AMD and ARM chipsets that can cause leakage of data from computers.
Before the public announcement, this issue was reported to AMD, ARM and Intel on 01.06.2017.
AMD reports an update on the issue.
ARM proposes a software update to fix the issue.
Intel has provided no feedback until now.
According to their report, there are 3 variants of the issue:
Variant 1: Bounds check bypass (called Spectre)
Variant 2: Branch target injection (also called Spectre)
Variant 3: Rogue data cache load (called Meltdown)
Spectre Attack
The Spectre attack targets high-speed CPUs, since these processors use a technique called speculative execution to increase speed.
Speculative execution:
Guessing the future execution path and prematurely executing the instructions in it.
This technique opens the CPU to attacks, as defined in the paper:
In summary, Spectre fools the speculative execution feature of the CPU into leaking information from the victim's computer.
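To make Variant 1 (bounds check bypass) concrete from the defender's side, the added example below (not from this page or from the Project Zero report) shows a bounds-checked array read next to a hardened form that also clamps the index without a branch. The function names are hypothetical; the masking idea follows the approach of the Linux kernel's array_index_nospec helper, and the code assumes size <= SIZE_MAX / 2.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIZE_BITS (sizeof(size_t) * CHAR_BIT)

/* All-ones when index < size, zero otherwise, computed without a branch
 * so there is nothing for the branch predictor to guess.
 * Assumption: size <= SIZE_MAX / 2. */
static size_t index_mask(size_t index, size_t size)
{
    return (size_t)0 - (~(index | (size - 1 - index)) >> (SIZE_BITS - 1));
}

/* The pattern Variant 1 concerns: the load is guarded only by a
 * conditional branch, which the CPU may predict and run ahead of. */
static uint8_t read_checked(const uint8_t *table, size_t size, size_t index)
{
    if (index < size)
        return table[index];
    return 0;
}

/* Hardened form: same check, but the index is also clamped by data flow,
 * so even a mispredicted branch can only ever load table[0]. */
static uint8_t read_masked(const uint8_t *table, size_t size, size_t index)
{
    if (index < size) {
        index &= index_mask(index, size);
        return table[index];
    }
    return 0;
}

int main(void)
{
    static const uint8_t table[16] = { 10, 11, 12, 13 }; /* constructed sample data */

    printf("in range: mask=%zx checked=%u masked=%u\n", index_mask(3, 16),
           (unsigned)read_checked(table, 16, 3), (unsigned)read_masked(table, 16, 3));
    printf("past end: mask=%zx checked=%u masked=%u\n", index_mask(16, 16),
           (unsigned)read_checked(table, 16, 16), (unsigned)read_masked(table, 16, 16));
    return 0;
}
```

An optimizing compiler is free to turn the mask arithmetic back into a branch, so production implementations pair it with a compiler barrier or inline assembly.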
MeltDown Attack
The Meltdown attack targets another optimization technique called out-of-order execution.
Out-of-order execution:
Processing information as soon as resources are available instead of traditional sequential execution.
This is a strong optimization, but it also exposes the CPU to attacks, as defined in the paper.
To simplify, the Meltdown attack uses the way out-of-order execution stores data in the cache to steal data from the cache.
Since this issue was found six months ago but announced to the public only recently, the big question is: "Is this already being exploited, and to what extent?"
FD.