Skip to main content
close search
site logo
Dive Brief

Meltdown and Spectre are not done yet — 8 flaws reported

Published May 4, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Jon Sullivan [Public domain], from Wikimedia Commons

Dive Brief:

  • Eight new flaws in computer central processing units (CPUs) have resurrected from ashes closely resembling the Meltdown and Spectre flaws, reports Reuters. A German computing magazine first reported the flaws and says Intel intends to patch the flaws. ARM Holdings may also have vulnerable chips.

  • Intel responded to the claims saying it has always been in the company's best practice to have a "coordinated disclosure" of "potential issues," according to an announcement by Leslie Culbertson, executive VP and GM of Product Assurance and Security at Intel.

  • Culbertson did not confirm or deny the new revelations, but encouraged customers to routinely check for system updates. In the meantime, Intel continues working with industry partners and researchers while "reserving blocks of CVE numbers" to help mitigate possible issues.

Dive Insight:

The Meltdown and Spectre flaws were revealed in January and caused the tech community to fall into a tizzy. The flaws dated back decades and Intel chips were at the forefront of public backlash.

However, Intel's microprocessors were not compromised in isolation. Instead, chips from nearly two decades ago were causing industry partners like Microsoft and Google to release their own patches.

If the flaws are correctly manipulated, a hacker could essentially access all the "secrets" stored in a chip's memory. If a processor with enough power is tapped, a hacker could send malicious code throughout a computer's system.

However, rest assured that type of system hijacking may only be viable in chips dating back 10 years or so because microprocessors made before this time are simply not refined enough to handle and run mass, malicious code.

Risks exist beyond the month they are exposed, and after about five months months, Meltdown and Spectre are proving just that. Because the flaws take advantage of speculative execution — a feature that aids a chip's performance — it highlights the industry's tendency to shift focus away from a product's security and onto its performance.

Favoring the latter will only result in more flaws in future products. Customers need to trust their vendors are producing reliable products that won't compromise the data they're trusting their vendors to protect.

With the ongoing Meltdown and Spectre saga, it is unknown how many different ways Intel can address the safety of its future products.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell