Alexander Koerner—Getty Images
By Aaron Pressman and Robert Hackett
January 4, 2018

(Adam Lashinsky is on vacation. Today’s essay is by Fortune writer Robert Hackett.)

A bomb cyclone hit the IT world on Wednesday as tech giants and computer security researchers released details pertaining to two major security holes that affect the processors in almost all computers. Researchers—including ones employed by the likes of Google, various tech firms, and academic —independently discovered the attacks last year.

The vulnerabilities could allow attackers to swipe sensitive secrets from the memory of almost all devices, including phones, tablets, PCs, and computer servers. Experts have warned that hackers could develop exploits to purloin personal data, passwords, cryptographic keys, and other supposedly inaccessible information from targets.

Several programmers have already demonstrated proofs of concept for these so-called side channel attacks.

The attacks plague hardware produced by top chip makers like Intel and Advanced Micro Devices, and SoftBank-owned chip designer ARM Holdings. Big tech companies, including Microsoft and Apple, have been scrambling in recent weeks to address these threats by developing fixes for their software while cloud computing giants, like Amazon and Google, have been rushing to apply patches to their data center infrastructure.

The first attack, dubbed “Meltdown,” is specific to Intel chips and allows hackers to circumvent the isolation barrier between user applications and operating systems, thereby opening up access to otherwise restricted machine memory. The second problem, “Spectre,” which is harder to exploit but has no available patches, lets hackers pry secrets out of the memory of devices running Intel, AMD, and ARM chips.

For more coverage of the flaws and the industry’s response so far, see our in-depth story.

Robert Hackett


You May Like