At the start of 2k18, Intel was given a shock when Meltdown was found. Meltdown – a security level flaw was detected which caused the computer’s processors to melt due to the extreme heat generated by running some kind of applications. Intel then gave a statement that they will be increasing the prize of the bug bounty program to find more chip-level flaws in its processors. But unfortunately, another such flaw in the processors has come out in the market.
DISCOVERY OF THE FLAW
Google’s Project Zero head Horn said that he first discovered the flaw by noticing the Intel’s Optimization Manual. He said that, while loading an instruction the microprocessor fetched the preceding store location till all the locations were known. Experimenting further, Horn found that this effect can be used to cause a speculative exclusion which can continue far enough inside the memory location which will cause the pointer to read the data from the memory location which were previously being ignored. In November 2017, Microsoft disclosed the flaw to its selected industrial partners which was later revealed to everyone.
INTEL’S RESPONSE TO THE SECURITY FLAW
Intel has tried to wash away all the claims by stating that it has not seen any real time case of its processor being affected by the language-based security flaw and that they have been dealt in the last update itself which was released for Meltdown in the month of January.
Intel rated the vulnerability as mediocre as it says the major web browsers have already released the patch for it. Intel has sent patches to the OEMs so firmware updates can be issued for its products. The Speculate Bypass Protection can also be enabled which is disabled by default. Enabling the protection mode will cause a dip of two to eight percent in the performance of the processors. So, Intel provides the users with the ability to enable the tight security mode with a little dip in the performance. The same update also provides protection against the Variant 3a (Rogue System Register Read) which the Intel claims that it has never received any case of such.
All the security flaws affecting the Intel’s processors have started to arrive and this may continue until new chips are released. There will not be a permanent solution to these and the company will be releasing patches now and then whenever they find a flaw reported. Variant 4 may not be a major security flaw as there has not been any universal hardware related flaw before, but they are not totally out of danger as we don’t know where it might end. Hopefully, Intel and other companies end up releasing a new chipset which addresses all the flaws and enhances the security of data stored.