Tuesday, 23 January, 2018

AMD is deploying a patch for the second Spectre CPU vulnerability

James Martin  CNET James Martin CNET
Sherri Watson | 13 January, 2018, 05:40

For customers anxious about the fixes disrupting their machines, Intel said it will provide more updates to the public about the patching process, including "performance data".

As mentioned above there are a large list of Chromebooks which have already been patched up so they'll be safe against the Meltdown vulnerability as of now, and there are nearly equally as many that didn't need the patch in the first place so they were already safe prior to the Meltdown issue arising.

The company's Project Zero team discovered the chip vulnerabilities a year ago as it outlined in a blog post last week.

Every chip has a protected area which prevents one application from seeing what another is doing. These vulnerabilities have the potential to leave this information exposed if exploited correctly. The problems weren't "just hard to find, they were even harder to fix", the company said yesterday in a blog post. "No GCP customer or internal team has reported any performance degradation". You don't get much clearer than that.

Nvidia detailed how through the use of a side channel cyber attack that exploits the speculative execution modern processors perform to deliver speedy performance, its GPU drivers could fall foul of Spectre variants. To fix it, the company created Retpoline, a software-only solution that regular users unfortunately can't benefit from.

Earlier today, Intel announced it discovered some performance hits after implementing its own mitigation solutions at the chip level. This allowed Google to protect its cloud services at compile time with no source code modifications and without disabling CPU performance features (read about it in detail here).

"In September, we began deploying solutions for both Variants 1 and 3 to the production infrastructure that underpins all Google products - from Cloud services to Gmail, Search and Drive - and more-refined solutions in October", Google writes. On Windows 7 with 6th gen chips the decline is comparable to newer chips on Windows 10.

Google claims that they have had no performance complaints since implementing these solutions, a big win for customers.

Researchers with Google's Project Zero, in conjunction with academic and industry researchers from several countries, first reported the flaws publicly on January 3, but major tech firms have said they knew about the flaws months ago.