hippietim
Axe-Master
I wonder, if Intel was notified about this flaw in june, does that mean that the processors its currently making and which are on sale, have been fixed?
I seriously doubt it. Fixing this is going to be really, really difficult apparently. There isn't even a completely viable workaround that OS vendors can implement for 2 of the 3 vulnerabilities discovered as part of this effort. Those two vulnerabilities (named Spectre) are on all mainstream processors that do out of order execution - ARM, AMD, and Intel. These vulnerabilities have been around a really long time and were just unveiled. They were discovered by some folks on Google Project Zero. But it doesn't mean that there aren't more people that have discovered this - perhaps even earlier.
Chip manufacturers are no doubt having to take a step back and rethink how they approach their role in the stack with regards to security.
We did that a number of years ago and it's a really rude awakening. These days our approach to security starts with the fundamental assumption that the system you are targeting is compromised and that the attackers have all of your design docs and source code.
Last edited: