No, there are multiple chips from multiple vendor using multiple ISA that are vulnerable to at least all three major exploits that have been published.
Sure they are correct. They would also be correct in saying:
It should be obvious intel CPUs are not working as designed or intended. They were intended and designed to not allow lower level processes to access privileged data. They missed something and that means the CPUs have a bug.
Spectre as an exploit targets a particular architectural decision (OoO, speculative processing). Which isn't a bug, is a general security issue that needs to be resolved.
Meltdown is an exploit that targets a specific bug or design deficit on Intel processors. Intel CPU's are not doing what they are supposed to be doing and Meltdown takes advantage of that.
Yeah. No. The CPUs are not working as intended. The CPUs are intended to prevent code accessing privileged data.
In regards to Meltdown. It would not exist if Intel CPU's unlike did what it was supposed to when verifying memory access permissions after the code has been processed. It should do a check notice the discrepancy and chuck it. That is what the check is for. That is what all other CPU's do. Whether it was an intentional choice by an engineer when realizing it was doing what it was supposed to do, a design decision by Intel to ignore the security check for performance, or it was just an oversight because when this was originally done, there wasn't really an attack vector that could utilize it anyways, there is a design feature included in the CPU that doesn't handle it's job correctly. That is a bug and not a CPU doing what it is supposed but a new exploit takes advantage of that.
Intel doesn't have any security checks for cache data read tasks.
Intel has security checks in place but the CPU ignores those checks for whatever reason.
ARM? Same thing as Intel. Literally every OOO design except Zen has the meltdown issue.
In ARMs long list of OOO designs, there is only Cortex A75 affected by Meltdown. So your statement is wrong.
That's not actually true. A15, A57, and A72 are also affected by a variant of Meltdown.
Not according to ARM:
https://developer.arm.com/support/security-update
I know you are kidding, but can you actually do anything with those CPUs in 2018?80386, 80486
Retro gaming!I know you are kidding, but can you actually do anything with those CPUs in 2018?
No, the CPUs are working as intended, imo. This is not a bug. Someone has just found a way to exploit the way the CPU normally works. That's the way I look at it.
I think we just disagree, and this disagreement is reasonable.
And all CPUs can be exploited.
Some exploits just haven't been discovered yet, or made public yet.
You can do everything you did in 1990. And for some of us those were the best things in our lives.I know you are kidding, but can you actually do anything with those CPUs in 2018?
Im sure I will get roasted for saying this, but why is everyone so paranoid. A hacker has to specifically target you correct?
You might want to read that document. A15, A57, and A72 are all affected by Variant 3a.
In general, it is not believed that software mitigations for this issue are necessary.
Goodbye JavaScript?Not really. When operating systems have had flaws of this magnitude in the past, they have typically lead to self-propagating worms that attack the entire installed base.
At least some of these bugs are exploitable from javascript, and with PoC and technical details available, it probably won't be long before the first internet-based attacks where some ransomware or other crap infects any unpatched machines visiting the wrong site through their browser.
No, there are multiple chips from multiple vendor using multiple ISA that are vulnerable to at least all three major exploits that have been published.
Intel CPUs are the only desktop and datacentre CPUs affected by an exploit which needs to be fixed in software. This software fix causes up to 30% decrease in performance.
Im sure I will get roasted for saying this, but why is everyone so paranoid. A hacker has to specifically target you correct?
Goodbye JavaScript?
According to firefox devs, it's possible to change their JS implementation to protect against this, so there are no future implications for JS.
The problem is all the old machines with crappy old unpatched browsers. Something like 4% of the browser market share is still held by IE.
According to firefox devs, it's possible to change their JS implementation to protect against this, so there are no future implications for JS.
The problem is all the old machines with crappy old unpatched browsers. Something like 4% of the browser market share is still held by IE.
Not really. When operating systems have had flaws of this magnitude in the past, they have typically lead to self-propagating worms that attack the entire installed base.
At least some of these bugs are exploitable from javascript, and with PoC and technical details available, it probably won't be long before the first internet-based attacks where some ransomware or other crap infects any unpatched machines visiting the wrong site through their browser.
These exploits are possible via js running in web browsers, fyi.