![]() ![]() Some Meltdown and Spectre updates caused real problems for businesses and consumers. Once companies push all the various types of updates, though, users will decide case by case whether to install them, since bypassing processing efficiencies to neuter potential attacks can also slow systems down. "If enabled, we’ve observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks." She explains that once they are generally available, some SSB protections will be off by default, requiring users to opt into protection. "We know that new categories of security exploits often follow a predictable lifecycle, which can include new derivatives of the original exploit," Leslie Culbertson, Intel's executive vice president and general manager of product assurance and security, wrote in a statement on Monday. But as was the case before, chip manufacturers and software developers are now working to release tailored fixes-and SSB raises the same types of performance problems that emerged before. Some systems, particularly browsers, already have some protection against Speculative Store Bypass attacks just from the initial Meltdown and Spectre patches. Microsoft says that the risk to users from this bug is "low," and Intel notes that there is no evidence that the flaw is already being used by hackers. It particularly could expose certain components often used in web browsing that are meant to be isolated, for example, a JavaScript module that shows ads. If exploited, an attacker could abuse the bug to access data that is meant to be stored out of reach. On Monday, researchers from Microsoft and Google's Project Zero disclosed a new, related vulnerability known as Speculative Store Bypass Variant 4 (Meltdown and Spectre collectively make up variants 1-3) that impacts Intel, AMD, and ARM processors. As a result, chip manufacturers and software makers scrambled to issue patches and work out the performance sluggishness that came along with blocking the risky optimizations.Īt the same time, though, a larger concern was also looming: Spectre and Meltdown represented a whole new class of attack, and researchers anticipated they would eventually discover other, similar flaws. The flaws, which impacted the chips in many popular devices, allowed hackers to inconspicuously manipulate a common efficiency technique used to speed data processing. At the beginning of the year, everyone was talking about processor vulnerabilities called "Meltdown" and "Spectre" that potentially exposed data in everything from servers and desktops to tablets and smartphones. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |