What are Spectre and Meltdown? « Back to Questions List

Spectre and meltdown are two recently identified vulnerabilities in the microprocessors. Most of the computers and similar gadgets depend on microprocessors for carrying out various operations. Spectre is identified in Intel, AMD and ARM microprocessors while Meltdown is identified in the processors produced by Intel. Incidentally, intel is the brain behind majority of PC brands and mobile phones. And the three processors together cover almost all the computers, smartphones and electronic gadgets in the world. Thus,  the vulnerabilities are capable of damaging the world of computing. 

The shortcomings were first identified around one year back by security researchers in Google and Graz University of Technology. They alerted companies such as Microsoft and Apple to take care of the aspect and decided to publish the discovery later on to minimize damages. It is pointed out that the vulnerabilities Spectre and Meltdown have been in existence since 1995. It is surprising that that two vulnerabilities with devastating power to damage precious  confidential and private data in millions of computers, mobile phones, web browsers and other  smart gadgets remained unidentified and unexploited by cyberattackers. .

Spectre and meltdown are two recently identified vulnerabilities in the microprocessors. Spectre and Meltdown have been in existence since 1995.

A process called speculative execution is widely used by microprocessors to guess what the user will do next. This guessing is used to speed up the performance and perform the task faster. The process enhances the efficiency of microprocessors.  It is now identified that the stack of data relating to this process is not stored in a highly secured manner. Both the Spectre and Meltdown exploit this security lapse. 

To address the issue, PC and chip manufacturers have been releasing software updates. Considering the number of PCs and smartphones in use, preventing any cyberattack based on these vulnerabilities is a herculean task.   Companies such as Google, Microsoft and Apple have been releasing updates for quite some time to fix the issue. Apple has succeeded in updating its Safari browser. Google used the patch Reptoline to address the issue. Microsoft though initially failed in addressing the issue, has reportedly rectified the position. Timely update using the patches is a best practice that can be adopted by all users of PCs and Smartphones to prevent cyberattacks. 

Though technology, especially computing technology  has been transforming human life, all need to be aware that risk is also a part of technology boom and should be ready to address security lapses at short notice. 

Different types of cyberattacks

What is SIM swap cyberattack on bank accounts?