It was clear it was going to be an intense year the cybersecurity industry when, just days after ringing in 2018, researchers announced a vulnerability found in essentially all CPU processors made over the previous two decades. From there, things only got busier, with news of Russian exploits, new ransomware families and much, much more.
Spectre and Meltdown: A mere three days into 2018, multiple groups of researchers publicly disclosed Spectre and Meltdown, a trio of CPU chip vulnerabilities representing an entirely new classification of bugs. Found in Intel, IBM, ARM and AMD chips powering an enormous spectrum of hardware products, these vulnerabilities were found to result from a flaw in the processor optimization functionality known as speculative execution. Researchers warned that the bugs could be exploited via side channel attack to access and steal sensitive information from devices by tricking programs into either leaking their secrets or accessing another application’s memory. Spectre and Meltdown’s public disclosure came after months of secretive, painstaking and unprecedented cross-industry collaboration to create patches and modifications, resulting in complex changes to many layers of the software stack. In some cases, these repairs regrettably slowed down the performance of affected processors. In the ensuing months, scientists found additional, new-generation variants of Spectre and Meltdown, as well as another family of speculative execution bugs called Foreshadow and Foreshadow-NG. In response to ongoing concerns, Intel said that its next-generation of chips would be designed with built-in defenses for Spectre-like attacks.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.