The safeguards built into these programs are actually making the applications more vulnerable. By the time Intel launched its 8th generation Core 'Coffee Lake' desktop processor family (September 25, 2017, with October 5 availability), the company was fully aware that the product it is releasing was vulnerable to the three vulnerabilities plaguing its processors today, the two more publicized of which, are 'Spectre' and 'Meltdown. Modern processors are designed to perform something called 'speculative execution. This vulnerability can be exploited to trick your system’s safe programs into leaking sensitive data. Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. However, certain vectorization-heavy workloads may see some impact,” Intel said in a statement. While Meltdown is specific to Intel processors, Spectre affects almost every processor on the market. “For most workloads, Intel has not observed reduced performance due to this mitigation. The fixes are being released with an option to disable them because of the potential that they could have an intolerable impact on performance for certain enterprise users. Intel's current generation chips-including those in the Alder Lake, Raptor Lake, and Sapphire Rapids families-are not affected, because attempts to exploit the vulnerability would be blocked by defenses Intel has added recently. “Based on my past experience working on these types of vulnerabilities, I had an intuition that there could be some kind of information leak with this instruction.” The vulnerability affects the Skylake chip family, which Intel produced from 2015 to 2019 the Tiger Lake family, which debuted in 2020 and will discontinue early next year and the Ice Lake family, which debuted in 2019 and was largely discontinued in 2021. “Memory operations to access data that is scattered in memory are very useful and make things faster, but whenever things are faster there’s some type of optimization-something the designers do to make it faster,” Moghimi says. Moghimi will present his findings at the Black Hat security conference in Las Vegas on Wednesday. Intel refers to the flaw as Gather Data Sampling after one of the techniques Moghimi developed to exploit the vulnerability.
INTEL TO SPECTRE MELTDOWN CHIP FLAW CODE
This latest vulnerability, dubbed Downfall by Daniel Moghimi, the Google researcher who discovered it, occurs in chip code that can use an instruction known as Gather to access scattered data more quickly in memory. But the need for speed remains a business imperative, and both researchers and chip companies still find flaws in efficiency measures. Intel has invested heavily in the years since these so-called speculative execution issues surfaced to identify similar types of design issues that could be leaking data. The flaws represented specific bugs but also conceptual data protection vulnerabilities in the schemes chips were using to make data available for processing more quickly and speed that processing.
/cdn.vox-cdn.com/uploads/chorus_image/image/58204001/Intel_inside.0.jpg "intel to spectre meltdown chip flaw")
The new security patches have not slowed its performance, but it will use the security issues as an opportunity to re-evaluate its use of Intel products, said Chief Technology Officer John Graham Cumming.It’s been more than five years since the Spectre and Meltdown processor vulnerabilities sparked a wave of revisions to computer chip designs across the industry.
INTEL TO SPECTRE MELTDOWN CHIP FLAW SOFTWARE
Cavium and ARM rival Qualcomm work together to reduce the amount of software that has to be rewritten for ARM chips.Ĭloudflare, a San Francisco cloud network company, has been evaluating ARM chips. Cavium said it aimed to rival the performance of Intel chips for applications like databases and the content-delivery networks that help speed things like how fast online videos load.Ĭavium is working with Microsoft and “several other cloud” vendors, said Gopal Hegde, vice president of the data center processor group. According to ARM, some of their processors are also affected. At the moment, it is unclear whether AMD processors are also affected by Meltdown. Currently, we have only verified Meltdown on Intel processors. And ‘s Amazon Web Services (AMZN) chose AMD graphics processing units for a graphics design service announced in September.īoth Qualcomm (QCOM) and Cavium are developing ARM chips aimed at data centers. We successfully tested Meltdown on Intel processor generations released as early as 2011. Intel chips are vulnerable to both Meltdown and Spectre. Alphabet‘s Google (GOOGL) said in 2016 that it was designing a server based on International Business Machines’s Power9 processor (IBM). As such, Meltdown and Spectre affect a wide variety of personal and business devices in fact, almost every computer in the world is vulnerable.
0 kommentar(er)
