The new year started with an explosive revelation: anyone with an Intel processor chip in their computer is vulnerable to a pretty severe hack. Since Intel is one of the most prolific producers of processing chips, small pieces of hardware which reside in the heart of every computer, this bug is far reaching and crosses the Operating System aisles. Linux patches have already been published, Microsoft announced plans to release their patch sometime soon, and Apple may have already patched this bug in their December updates.
To understand why this is such a big deal, you need to know that in software a kernel is the main core program within the chip that has complete control over everything. The kernel controls the computer’s resources, such as memory and processing power, and allocates them based on requests from applications and programs. This bug allows common programs to be able to read restricted kernel level memory on a computer. This means a hacker could easily gain access to passwords and other sensitive secured information on any computer that is using these chips.
Now, the fact that they have already been patched sounds like a great thing. However, the patch for this bug is to isolate and make the protected kernel completely invisible to programs. This means a potential slow down of up to 30%. A production setup that only requires a few virtual machines may now have to deploy more to maintain the previous performance, causing a whole host of other problems for the user. Interestingly, the AMD systems team claim they are not affected due to the fact that they do not allow for the types of resource requests that other systems do.
Both Amazon and Microsoft Azure have scheduled maintenance days this weekend to presumably patch the issue, but a complete fix is going to require OS level rewrites in some cases. The most vulnerable among us are anyone using containers with third party access and anyone running “untrusted software” from third parties. It remains to be seen how far and wide this bug will go, but for now the tech community is analyzing it from every angle. Additional information on Meltdown and Spectre, the two techniques that exposed this bug, can be found at https://meltdownattack.com/.