Nearly every computer manufactured in the past 20 years is affected by Meltdown and Spectre, two momentous computer bugs. And the rollout of the patches is not going well, leading an expert in the field to say it will take years for full implementation.
Fixes for Processor Flaws a Long Way Off
One of those experts is Paul Kocher, who was part of the research team that discovered Spectre. He told Selena Larson of CNN Money, “If you look at how long it’s going to take for all of the relevant software on your PC, including the drivers and such are updated, you’re probably looking at many years before that process is done.”
Small businesses that rely on computers for their daily operations don’t have years. So the questions are what are these bugs, how vulnerable is your computer and are the patches working?
What are Meltdown and Spectre?
Explaining Meltdown and Spectre is a bit complicated. But basically, here is what takes place. When the processor on your computer performs speculative execution and caching, the data is supposed to be isolated and protected.
Speculative execution is used by computer chips to essentially predict the future enabling them to execute functions faster. It starts working on probabilities before you make a choice by tackling multiple logical branches.
Caching is used to speed up memory access by using a small amount of memory storage called CPU cache. Because it lives on the CPU and speculative executions are also stored in cache, issues with protected memory arise.
If this vulnerability is exploited, hackers can gain access to data which until the discovery of these bugs was deemed protected.
You can take a look at the video by RedHat to get another perspective on the bugs.
The flaw in the processors goes back 20 years so most if not all brands will be affected. Intel did introduce a fix but later warned computer companies to wait before implementing the patches. Microsoft, Apple, Google, and Firefox have issued fixes so you can go to their sites and get more information by clicking on the name of the respective company.
If you want a more detailed explanation, the Google Project Zero team has the information here.
Photo via Shutterstock