Patch for Spectre, Meltdown causing problems in older chips


Intel are promising updates for 90% of their CPUs introduced in the past five years by January 15, and "ongoing security assurance", outlining their plans to fund further ongoing security research, and to share any potential side-channel attack breakthroughs the company may have. However, Intel still recommends end-users should apply the updates for both OS and hardware. For instance, cryptographer Paul Kocher told Scientific American this week that Meltdown and Spectre demonstrate a "failure of thought and attention" by chipmakers looking to balance security and performance needs.

Sixth generation Skylake CPUs take the biggest hit from Intel and Microsoft's mitigations, especially in system responsiveness tests which are running at a 21% performance deficit from an unpatched system.

Now Playing: Watch this: Intel addresses security flaws with company's chips at.

Intel notes that performance for "web applications that involve complex JavaScript operations may see a somewhat higher impact (up to 10 percent based on our initial measurements)" while "graphics-intensive [workloads] like gaming or compute-intensive like financial analysis see minimal impact".

The good news for the general public is that this doesn't affect them, at least not directly. That's when Google engineers looked into "moonshot" solutions. The bug is also unique to Intel's patch, and other fixes for the Meltdown and Spectre, including those being pushed by Apple and Microsoft, are safe to apply. And worse, you may not get patches at the rate you'd expect if Intel is telling system manufacturers not to issue them right now.

"The announcement of their "Security Pledge" is an obvious attempt to handle the non-technical issues Intel is going to be struggling with".

After all, there's currently no known exploit for Spectre or Meltdown and while exploits will certainly emerge now that the details are known, it's unclear how effective they will be and whether they can be successfully deployed in the real world.

"This allows a program to access the memory, and the also the secrets, of other programs and the operating system".