Research

Google Details Spectre and Meltdown Fixes for Its Cloud Services

Google Details Spectre and Meltdown Fixes for Its Cloud Services

Those variants include both the Meltdown vulnerability (CVE-2017-5754) and the two Spectre vulnerabilities (CVE-2017-5753 and CVE-2017-5715) for bounds check bypasses and branch target injection attacks, respectively.

This kind of slowdown is assumed to be an unavoidable downside to patching Spectre and Meltdown, but today we're learning that it may not have to be that way. The company has been rolling out solutions to the flaws since September.

It's been a long week since we first learned about the now infamous Spectre and Meltdown chip vulnerabilities. In the statement, AMD admits that its CPUs are not only affected by Spectre Variant 1, but also Variant 2.

For some time, Google says "it appeared that disabling the vulnerable CPU features would be the only option for protecting all our workloads against Variant 2".

Intel is facing a growing number of lawsuits, including claims from groups of consumers alleging that it misled consumers by failing to disclose the security hole and demands for compensation based on the potential slower performance of machines that have been patched.

Trump dodges on prospect of a Mueller interview: 'We'll see what happens'
Trump said a year ago that he would be "100%" willing to testify under oath about his conversations with Comey. Her staff helped conduct the interview with Simpson, who had also asked for the interview to be released.

"The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data".

Eventually, Google took a "moonshot" approach to solving the problem and turned up with Retpoline, a solution that "modifies programs to ensure that execution can not be influenced by an attacker".

In other words, the patches for Meltdown and Spectre may need patches themselves, though Intel has not come to that definitive conclusion just yet. The technique has a "negligible impact on performance", according to Google, and allows the company to defend against Variant 2 of Spectre without switching off CPU components or modifying many layers of software.

Fortunately, Google has made a decision to share the details of Retpoline with the rest of the industry. Devices using the 7th Gen Kaby Lake-H mobile processors will be around 7% slower, while the performance impact on systems with the 6th Gen Skylake-S platform is estimated to be around 8%. The company is sharing its research with other tech companies in hopes that it "can be universally deployed to improve the cloud experience industry-wide".