What Are Spectre And Meltdown And Why Should You Care?
The tech world is currently reeling over the newest bugs that have hit almost every electronic device. Spectre and Meltdown are the collective names for three different vulnerabilities found in processors running on a large number of the devices we rely on, including desktops, notebooks, smartphones and other gadgets. Though there are two names, we are actually dealing with three vulnerabilities.
Two of the vulnerabilities are of a similar nature so they are collectively branded as Spectre. Spectre is described as "Systems with microprocessors utilizing speculative execution and direct (for 2017-5715) and indirect (for 2017-5753) branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis".
Meltdown is similar but it allows an attacker to conduct side-channel analysis of the data cache.
Let’s simplify things. All these vulnerabilities mention something called speculative execution. That’s the part where a processors carry out tasks preemptively. According to Lifehacker it's a lot like when McDonalds used to make burgers ahead of time. Some of the burgers were tossed out but it meant that when you walked into the restaurant, you were served quickly. Computers often do stuff ahead of time in order to boost performance. This is mainly done by guesswork and processors are pretty good at it.
The Spectre and Meltdown vulnerabilities make it possible for someone to either manipulate the results of the speculative tasks or see the outcomes of the wrong decisions that are discarded. It is possible to get a CPU to run some bits of code it would normally discard, that could lead to potentially nasty consequences.
At the moment there isn’t any known attack using these vulnerabilities. As manufacturers are gearing up to patch them, it is expected that the affected devices will face a performance hit.