The vulnerability affects all the Intel CPUs of the Core-based series, according to Intel’s official statement. The horrible thing is, it’s present physically inside the processors, meaning that any operating running on any Intel Core-based CPU will be vulnerable to the attack.

What is Lazy FPU context switching?

At first, let’s talk about the vulnerable section of the CPU. Lazy FPU context switching is a performance optimization feature. It’s responsible for saving and restoring the FPU (Floating Point Unit) registers. These registers hold the floating point numbers and allows access to those whenever necessary.

Now, the bug here is physical. The physical bug in the CPU allows other processes to sneak into these registers along with their data.

The problem is, these numbers are necessary for various important tasks like cryptographic equations. Thus, a hacker may be able to sniff out numbers from these registers to crack an encryption key. The next moment, everything else will be gone.

The scope of the vulnerability

Despite it’s a major CPU bug in the processors, it’s not executable using a web browser. That makes this vulnerability less effective than the Meltdown. Meltdown is preventable with operating system patches in cost of performance.

Rumors about the bug

Before the vulnerability was officially disclosed, there were rumors about it since DragonflyBSD and OpenBSD released notices about patches that would fix this vulnerability. The notice was a strong indication that there was something wrong with the FPU registers in Intel’s processors.

Thankfully, this bug is preventable without changing the existing microcode. That’s a big relief for Intel whereas vendors are working for fixing the issue with future patches.

Here is a list of all the official statements of different vendors.

The post New Flaw in Intel CPUs – Lazy FP State Restore appeared first on Linux Windows and android Tutorials.

The Meltdown exploit was discovered by three teams – a team at Cyberus Technology, Jann Horn at Google Project Zero and a team at the Graz University of Technology. They discovered and reported the flaw independently.

The Spectre exploit was discovered by a team led by Paul Kocher along with representatives from the University of Pennsylvania, University of Adelaide, Data61, University of Maryland and Rambus. The flaw was identified and reported independently.

Why are these threats so dangerous? They allow a hacker to simply use the hardware resource to steal information while leaving no trace in the traditional log file! Even traditional antivirus software is unlikely to detect illegal access to programs using the exploit.

Why these bugs are serious

Unlike other heinous bugs found previously, these two bugs are more serious to date. The truth is, these bugs not only affects desktops & laptops but also virtually all the company’s processors produced since 1995 with a few exception.

Both of these bugs allow unauthorized access to the processing data. Generally, a program isn’t allowed to read other apps’ data and is ensured by the hardware. Unfortunately, these bugs allow such action to perform.

How the Meltdown and Spectre work

Meltdown: This one mainly affects most of the Intel processors. This bug works by breaking the barrier that prevents apps from getting access to arbitrary locations in the kernel memory. The kernel segregates and protects memory for every single process and keeps a barrier so that one can’t interfere with another’s data. However, the meltdown bug now makes this serious procedure unreliable. This flaw mostly makes desktops & laptops vulnerable.

This flaw even allows anyone in the cloud to retrieve the data without any permission and privilege. Virtually, this affects every user of a personal computer. Intel’s “speculative execution” method used in the processors doesn’t fully segregate processes by low-privilege and high-privilege that are meant to be in the computer’s kernel memory.

Spectre: Intel, AMD and ARM processors are affected by this bug. The working method is different than meltdown bug, however. This flaw tricks applications into disclosing the secured data inside their protected memory area. This exploit is harder to pull off. However, this bug affects even mobile devices, thus making it even harder to patch up and fix.

This is a set of attacks that involve unexpected and incorrect execution of the victim program that leaks the victim’s confidential data via a side channel. Unlike Meltdown, this affects virtually every device.

Intel processors are the most vulnerable to these bugs. AMD and ARM processors seem to be largely immune to the Meltdown bug. However, the Spectre affects everyone.

The bug fix

These two monstrous bugs work on the hardware level. When there’s a bug with the software, it’s much easier to find out and fix. Like the major bugs the popular software (OpenSSL – Heartbleed, Linux – Shellshock etc.), these hardware bugs are harder to fix.

In the case of Meltdown, it’s easier to temporarily patch the software system. Linux, Windows, OS X etc. have already released a patch for this one. However, the work on Spectre is still ongoing.

How to stay secure

These bugs are pretty difficult to exploit. Unfortunately, these are hard to fix and hackers will always try to use these exploits to their advantages.

For end users, it’s pretty difficult but several steps will surely slow down any hacker.

• Update all your software to the latest version.
• Whenever available, update your device drivers.
• Update your anti-malware tool and scan your system for any malicious tool. You can check out for the best antimalware tools.
• Apply any system patch if available.

All the tech giants are already working to fix these flaws. AMD believes that they’re on the least. Microsoft relied heavily on Intel processors. They’re going to have a patch very soon. Linux devs already released a fix. Apple’s patch for macOS, iOS, tvOS is on the way. Google has already safeguarded their products and services from the flaw.

In the case of Intel processors, the current fix ensures security in the cost of performance. However, we need to wait quite a long time until every single hardware is patched up. It’s a reminder for the future technologies not to ignore any single bit to test for any security threat. We hope that all the new upcoming processors won’t have these flaws anymore.

Until everything’s alright, just stay tight and alerted!

The post The Meltdown and Spectre – All Computers at Stake appeared first on Linux Windows and android Tutorials.