Summary of each company's response to the vulnerability problem "meltdown" "Spector" inherent in CPU

byJeremy A.A. Knight

It has been a problem since the beginning of 2018,Vulnerability "meltdown" existing as a design flaw in Intel CPU and structural vulnerability "Spector" which is thought to affect all microprocessorsMicrosoft and other companies are taking action in order.

How to protect your PC from the major Meltdown and Specter CPU flaws | PCWorld
https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html


PCWorld points out four points that users can do, "Update OS", "Confirm firmware update", "Update browser", "Use anti-virus software".

◆ Google
Google Online Security Blog: Today's CPU vulnerability: what you need to know know
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Basically, user's operation is unnecessary for updating Google OS and terminal.

◆ Microsoft
Microsoft dated January 3, 2018 local time, an emergency update "KB 4056892We are delivering. Those who apply in automatic updating, but who have not yet been applied and would like to update themselves on their own are registered in the Microsoft Update CatalogFiles suitable for the applicable systemPlease download.

UEFI update programs for Surface Pro 3, Surface Pro 4, Surface Book, Surface Studio, Surface Pro Model 1796, Surface Laptop, Surface Pro Advanced LTE and Surface Book 2 are also being delivered I will.

Publish guidance for customers and partners: Protect your device from security vulnerabilities related to the latest chip.
https://support.microsoft.com/ja-jp/help/4073065/surface-guidance-for-customers-and-partners-protect-your-devices-again

Apple
About speculative execution vulnerabilities in ARM-based and Intel CPUs - Apple Support
https://support.apple.com/en-us/HT208394

Apple said that it has completed measures to "meltdown" with macOS High Sierra 10.13.2 distributed in December 2017, and iOS 11.2, tvOS 11.2.

◆ Linux
LKML: Linus Torvalds: Re: Avoid speculative indirect calls in kernel
https://lkml.org/lkml/2018/1/3/797

Kernel patches have been created by Linux developers as well. Linus Torvalds, the creator of Linux says, "Intel basically says" always something like a fucking and always promises not to modify anything "If so, We should also look at ARM 64 "and expressed his opinion.

By the way, in December of 2017 December of 2017, "Meltdown" countermeasure patch is being delivered, Amazon AWS has an increase in CPU utilization of virtual machines and the effect that instances of cloud servers are significantly slowed down It is said that it is out.

Amazon: Intel Meltdown patch will slow down your AWS EC2 server • The Register
https://www.theregister.co.uk/2018/01/04/amazon_ec2_intel_meltdown_performance_hit/

◆ AMD
An Update on AMD Processor Security | AMD
https://www.amd.com/en/corporate/speculative-execution

For AMD, Google's security counterpart Project Zero announced three studies, "Bounds Check Bypass" has been solved with updates by system vendors and manufacturers, the performance impact is negligible, "Branch Target Injection" is vulnerable No proof, "Rogue Data Cache Load" announced the findings, there is no vulnerability due to the difference in AMD architecture.

◆ Mozilla Firefox
Mitigations landing for new class of timing attack | Mozilla Security Blog
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Firefox confirmed that it is possible to actually steal personal information using technology similar to the reported method. We released "Firefox 57.0.4" with measures taken.

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare • The Register
http://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/


Regarding this "meltdown" "Spector" problem, Intel announced a release that refuses that it is not only for its own company. The Register who reported this problem translated the real intention of the written sentence against the release.

At the end of the sentence "Intel believes its products are the safest in the world, with the help of our partners, we believe that the current solution to this problem provides the best security for our customers" In response to the phrase 'Who are you thinking of buying this kind of items from anyone?', I'm speaking for Intel's "voice of the heart" that has overwhelmed AMD for a long time with CPU share I will. ActuallyAMD pulls Intel out of CPU sales shareBecause it is a situation, Intel should not be able to continue the grandson business. There is a need for serious measures against the "meltdown" and "spector" problems.