The technology industry has been rocked by the news that two security vulnerabilities dubbed Meltdown and Spectre affect nearly every computing device on the planet, including PCs, smartphones and the servers in cloud computing data centers. The bugs are the result of problems in processor architecture, which makes them difficult to fix.
Meltdown affects only Intel chips, but it is particularly troublesome for cloud computing services. It could allow attackers to steal data stored in memory on a server. Because many different customers share physical servers in a cloud computing service, that means hackers could potentially access sensitive data from multiple companies by attacking one server. As of Wednesday evening, Google and Microsoft said they had updated their systems to protect against the flaw. Amazon Web Services told customers that most of its servers were protected and that they needed to update their software to be fully secure. However, some researchers say the updated systems are up to 30 percent slower than unpatched systems.
Spectre affects chips made by AMD and ARM as well as Intel, and it doesn't have an easy fix. Most likely, it will require manufacturers to redesign their chips. Fortunately, it's also much harder to exploit. “This will be a festering problem over hardware life cycles. It’s not going to change tomorrow or the day after,” security researcher Paul Kocher said. “It’s going to take a while.”