Meltdown and Spectre CPU vulnerabilities: One week later

Microsoft, Google and Apple have all released patches for Intel, AMD and ARM CPU security risks, but now what?

Comments

  • ciderrules

    Ernie from Sesame Street…

    “One of these things is not like the others, two of these things are kinda the same.”

  • TechRanger

    You may want to check but I believe these vulnerabilities were discovered over 6 months ago just not released to general public until recently – Google’s Project Zero were the first to report it to Intel in May-June. There is an article on Wired that elaborates on the timeline.

    • Captain H. Morgan

      Did Intel do anything about this vulnerabilities given that it was discovered over 6 months ago?
      My understanding it they didn’t release any patches until late December 2017/

    • Ulfredsson The Vanquisher

      The fact that they are releasing patches means they have been working on it. I’m not trying to defend the company, but come on… you don’t create a security patch like this in a few weeks. They wouldn’t release the info about it until they were ready because the second word gets out about a security risk as massive as this, every ne’er do gooder would go buck wild trying to discover it.

      S**t takes time to create and not break functionality. This issue runs veeeerrrrrrrrrry deep.

    • rick

      I think the point was – Intel has “known” about it for far longer. They appear to have done nothing until their hand was forced and the vulnerability is leaked.

      Intel could have been working with big players for the last 8 months to iron out the kinks on any needed patching. Further – to say Microsoft or other big players were “surprised” by this and have only had weeks to come up with patches is crazy as well. All the big players knew.

    • TechRanger

      I think the information was ‘leaked’ so although they have likely been working on it for some time, they were not necessarily ready to distribute patches quite yet. The (Wired) article goes on however to discuss how 4 different researchers discovered the bug in this same year despite the fact that apparently these vulnerabilities have been there lying dormant (as far as we know) for nearly twenty years! What is surprisingly remarkable is that all the major partners (e.g. Android, Apple, Linux, and Microsoft ) were able to keep it confidential for so long! No matter how you look at it though, it is still a major mess/issue and it will have significant impacts for some time to come! Hopefully, it will serve as a wake-up call that security needs to be meticulously analyzed and cannot be compromised in relation to performance!

      Technology is becoming so intertwined in our everyday lives that an epic collapse of security such as Meltdown/Spectre cannot be allowed to happen again… additional safeguards/layers of redundancy must be put in place!

    • rick

      “additional safeguards/layers of redundancy must be put in place!”

      consumers don’t want to pay for it…………or companies don’t want their profits impacted. Don’t disagree its needed – just saying it’s going to come at a cost. We throw technology away every 6 to 12 months as consumers – literally. The only other way around this would be a subscription model to ensure you’re device has a 3 year security/relevancy window. Again – people don’t want to pay for that.