DEV Community

Discussion on: Processor Security Flaws

ben profile image
Ben Halpern

This has to be the worst vulnerability I've ever heard of. It takes advantage of a layer between apps and data that users expect to be totally secure.

orkon profile image
Alex Rudenko

I wonder if it has been exploited by someone before it became widely known. How likely is it that black hats/govts could know about it and use it secretly?

lambdude profile image
Ian Johnson Author • Edited on

From the Reuters article:

Speaking on CNBC, Intel’s Krzanich said Google researchers told Intel of the flaws “a while ago” and that Intel had been testing fixes that device makers who use its chips will push out next week. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on Jan. 9. Google said it informed the affected companies about the “Spectre” flaw on June 1, 2017 and reported the “Meltdown” flaw after the first flaw but before July 28, 2017.

I haven't heard of any exploits in the wild yet. Although, keeping vulnerabilities secret to use as zero-day attacks is the standard operating procedure of the NSA. And if the NSA knows about it, black hats probably know about it too. I would actually be surprised if that wasn't the case.