Skip to main content
close search
site logo
Dive Brief

Microsoft, Google among companies having a 'Meltdown' following widespread bug

Published Jan. 4, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Wikimedia Commons

Dive Brief:

  • The only solution for the two security flaws circulating the tech sphere, known as Spectre and Meltdown, is to replace all CPU hardware, according to the Computer Emergency Readiness Team (CERT). The exploits allow access to "otherwise protected kernel memory and [bypass] KASLR," according to the report. Patches only mitigate risk.
  • Thus far, CERT said vendors including AMD, Apple, Google, Intel, Microsoft and Mozilla are affected. The vulnerability is said to have been around for more than two decades in "modern processor architectures," according to Amazon. However, while nearly all of AWS is protected, AWS customers are advised to follow patching protocols. By the end of next week, Intel expects to have updates and resolutions for about 90% of its processors made in the last five years. The company maintains any performance slow-downs after an update are workload-related. 
  • ARM confirmed that its chips, used in Android, iOS, Nvidia and Sony devices, are impacted by the flaws. The company gave directions to individuals with devices containing exploited chips and offered kernel patches to mitigate threats. Google's infrastructure, including YouTube, Maps and Search, was impacted by the vulnerability, but no consumer action is needed, according to a company announcement. However, owners of Google Chrome OS and Android devices are advised to take necessary actions. 

Dive Insight:

The tech world went into hysterics this week as nearly all computer-owning consumers were "most certainly" impacted by the bug, according to Google contributors and third-party researchers.

The severity of the bug is not limited to its scope. Researchers found that the flaw left no traces in "traditional log files," making it near impossible to know if a computer's memory was exploited. Meltdown specifically targets desktop, laptop and cloud computers and nearly all Intel processors since 1995, with some exceptions. Spectre, however, affects smartphones and modern processors.

Exploiting vendor trust and disrupting the supply chain are tactics malicious actors are sure to capitalize on in 2018. The widespread attention to this "speculative execution"-style attack is forcing companies to put out patches to protect their consumers.

As of now, IT departments need to search their networks for devices with compromised chips. If overhauling a device's internal hard drive cannot be performed in a time-sufficient manner, coupling security updates with firmware updates is imperative. However, PC vendors have yet to release firmware updates. 

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on Power, Status, and Pay
From 1E
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell