What really is Meltdown and Spectre?
Meltdown is a vulnerability which could be exploited by hackers to extract sensitive information as it basically “melts” the hardware-enforced security barrier between applications run by users and the computer’s core memory.
Spectre, on the other hand, can trick bug-less applications into giving up information which it uses for safety checks turning its own guards against it. Spectre’s name comes from ‘speculative execution.’
After Spectre and Meltdown were reported earlier this month, Intel officially accepted the existence of the flaws and since then many tech companies have tried their hand at issuing an effective meltdown and spectre patch. Intel even found bugs in its own patch for the vulnerabilities and told some customers to hold off firmware updates due to some reboot issues that had been reported by systems running Intel Broadwell and Haswell CPUs for both client and data center.
Meltdown and Spectre Patches; How it will affect your machine, Intel warns
The Meltdown and Spectre patches are being pushed by Microsoft and Apple were deemed safe for application. However, the Meltdown and Spectre patches have reportedly slowed down the performance of systems. This is understandable as the vulnerability deals with basic hardware and chip level coding and patching those flaws means messing up the very features which were introduced to optimize CPU performance.
Google recently released its own fix, code-named Retpoline, for Variant 2 of the Spectre CPU attacks. Unlike other patches which relied on disabling the affected CPU features (causing the slowdown), Google used software patches. According to Google, the patch has a “negligible” impact on performance.
“Retpoline sequences are a software construct which allows indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches,” explained the creator himself, Paul Turner.
“We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware. Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms”, wrote Google VP Ben Treynor Sloss.
Devices running on Android OS which were not manufactured by Google have still not received an update.