2018 starts with a big chip-level bug making headlines which Google researchers already found and reported in June 2017.
The reason it's currently heavily discussed in media is that this bug is a significant chip-level security bug affecting all Intel (and possibly other manufacturer's) CPUs of the last decade and therefore affects millions to billions of computers including the huge cloud services from Google, Microsoft, Amazon and all others using Intel x86 CPUs of the last decade.
Tu cut the long story short: Computers with affected CPUs might be vulnerable to so called Meltdown attacks, breaking the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets of other programs and the operating system (including passwords and other sensitive information).
The patch and it's impact
Another reason for this bug making headlines is: Fixing this security issue can only be done by overhauling the virtual memory systems of all current operating systems like Linux, Windows, Mac OS etc. and means a lot of annoying work for the kernel developers.
But even more worse is the patch's impact on performance which is the main reason for the bug making headlines: some experts assume that the patch will result in performance losses up to 30 percent.
Although these assumptions are made by real experts we shouldn't dramatize this all too much. It's not just that these are only assumptions and no real benchmarks and therefore no facts yet, experts are - as I do understand correctly what I read so far - referring to operations heavily affected by the patch's complete seperation of kernel space memory from user space processes. So let's wait and see.
Upcoming security patches
Security patches for the Linux kernel as well as Windows are already in the pipeline for this month.
At the moment I don't have information about when there will be patches available for Mac OS and all the other operating systems.
To be as safe as possible better keep your operating system and all your applications up-to-date.
Microsoft Windows 10 received updates, the Linux Kernel 4.14.11 and 4.15 received fixes (KPTI) and Apple has fixes out for iOS 11.2, macOS 10.13.2, and tvOS 11.2!
Additionally for getting more information I added more links about the topic in the Further reading section down below.
- An Update on AMD Processor Security / amd.com (EN)
- Intel Responds to Security Research Findings / intel.com (EN)
- About speculative execution vulnerabilities in ARM-based and Intel CPUs / apple.com (EN)
- Linux KPTI Tests Using Linux 4.14 vs. 4.9 vs. 4.4 / phoronix.com (EN)
- Sicherheitslücke betrifft Milliarden von Computern / sueddeutsche.de (DE)
- Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign / theregister.co.uk (EN)
- Negative Result: Reading Kernel Memory From User Mode / cyber.wtf (EN)
- Intel spielt CPU-Kernel-Bug herunter – neue Infos / pcwelt.de (DE)
- Meltdown and Spectre / meltdownattack.com (EN)