Weekly digest - 2018.01

Weekly digest - 2018.01

This week passed mostly with discovery of two new CPU vulnerabilities called Meltdown and Spectre.

Here is TLDR version:

  • Researches from Google's project zero and couple of universities around the
    world found two exploits in current CPUs and called them Meltdown and
  • Meltdown affects only Intel CPUs.
  • Spectre affects all chips (Intel, AMD, ARM).
  • There are security patches for Meltdown. They can affect computer performance
    from 0% to 30%. The slow down depends on the task and the processor model.
    Fortunately the impact for "normal" users should be minimal, but if you run
    server you might not be that lucky.
  • There is no one magical fix that can protect users from Spectre.
  • Definitely, in the future, there will be multiple patches that will try to
    fix different aspects of this exploit.
  • Don't panic! All you need to do is to update your operating system. All major
    systems already prepared patches.

Here is the list of links for those who want to know more.

Site dedicated to those exploits
Meltdown academic paper
Spectre academic paper
Google Project Zero Technical explanation

Simple explanation of the Meltdown bug

Intel's statement and whitepaper
List of affected CPUs

Benchmarks showing how meltdown fix is slowing down CPUs
More benchmarks
How meltdown fix affected Epic's Fortnite servers

AMD's statement
ARM's statement and whitepaper
Apple's statement
Google's statement

Why Raspberry PI isn't vulnerable to Spectre or Meltdown
Funny parody of Intel's stickers

Image credits: Meltdown Attack.