Intel Chips to have protective walls to amend Spectre and Meltdown security flaws

By Digit NewsDesk | Updated 16 Mar 2018
Intel Chips to have protective walls to amend Spectre and Meltdown security flaws
  • The new changes to Intel chips will still be vulnerable to variant 1 of the Spectre bug, but Intel will continue to address via software mitigations.

Since the beginning of the year, Intel along with it its partners and competitors have been working on fixes and updates to address flaws revealed by Google’s Project Zero. Intel has now finally developed a hardware level fix for both Meltdown and Spectre’s Version 2 vulnerabilities. Intel says that both the next version of Intel’s 8th Gen Core processors and Intel’s Xeon Scalable processors (cascade lake), which will be shipping in the second half of the year, will get the hardware fix. Moreover, as of last week, Intel has released microcode updates for its processors from 2nd gen (Sandy Bridge) processors all the way to the latest generation.


Intel’s CEO Brian Krzanich says, “We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both variants 2 and 3. Think of this partitioning as additional “protective walls” between applications and user privilege levels to create an obstacle for bad actors”. It should be noted that Intel calls the Meltdown flaw as variant 3. However, there is no hardware level fix for the variant 1 of the Spectre bug and Intel will continue to address it via software mitigations. That said, the variant 1 of the Spectre flaw is the most worrisome bug of them all. This is because the attacks targeted to exploit this bug work against the basic principles of speculative out-of-order execution.

AMD, which is also affected the by the Spectre variant 1 flaw, got a big blow a day before when Israeli security agency CTS Labs published a white paper detailing four new classes of flaws in AMD’s Ryzen and EPYC processors. The white paper discloses 4 new flaws in AMD processors, all of which require physical access or elevated administrator privileges. While the findings by the new security agency, which was founded less than a year ago, can’t be taken lightly, its conduct in the situation doesn't seem ethical. Under normal circumstances, when a security vulnerability is found, companies are given a 90-day heads up, but here AMD was given just a 24-hour notice. CTS Labs did not provide any explanation on why they did so. Moreover, the language in the white paper seems severely hyped including the names of the vulnerabilities mentioned.

Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.

Recent Questions

Security app
Baranidharan Nagarajan
Aug 30, 2014
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment