Spectre and Meltdown are a big deal

Anthony Caruana
15 January, 2018
View more articles fromthe author
AAA
News

Typically, the break between Christmas and mid-January is a slow news time punctuated by the barrage of consumer electronics news coming from Las Vegas’ Consumer Electronics Show. But, this year was a little different. Three flaws in the processors of the vast majority of computing devices released over the last 20 years were revealed.

Two of those flaws come together under the name Spectre with the third tagged as Meltdown. Here’s a short description of what they are and why they matter.

Imagine walking into a restaurant. In order to serve you faster the chef prepares everything on the menu and has it ready so you can be fed straight away. In computer processor terms this is called speculative execution. It’s used so processors deliver output faster than processing everything on demand.

In a different situation, the restauranteur might know you and that you order the same two things every time you come in. So, the chef looks at you, what time it is and the day of the week and takes a guess at which meal you want and prepares it. For a computer processors, that’s called branch prediction.

In the case of Spectre, the flaw allows an unauthorised program to access the information that is used by the processor in preparing all their meals or the ones it selectively makes for branch prediction. Or a program can be written that reveals confidential data by tricking the processor into carrying out a false speculative ecxecution or branch prediction.

Meltdown can access the processor memory to see what was not selected and harvest that data.

Fixing these issues is not easy and basically relies on telling operating system software and the microcode running in processors to not carry out speculative execution and branch prediction in particular situations. The result is a reduction in processor performance as they can;t guess what we’ll need ahead of time.

While Intel, who makes most of the processors in personal computers including all Macs, is mainly in the Spotlight, Spectre and Meltdown also affect all iOS devices.

So, when Software Update offers an update – take it. While no one has been attacked as a result of these flaws, now that they are public knowledge, bad guys will be looking for ways to use them.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us