The new year in the world of computer security began with a bang, and not a good one. Spectre and Meltdown, the vulnerabilities that affect the microprocessors are serious, complex and represents a whole class of attacks.
Nearly every laptop, computer and smartphones are affected by this flaw, opening a window (a rather large one) for the bad guys to exploit.
Now, security patches have been deployed across various platforms to mitigate the flaw. Software juggernaut, Google explains how it managed to fix and contain the threats.
It was Google’s Project Zero team that discovered the flaw and it was kept behind closed curtains for a long time.
In a recent but lengthy blog post, Google's VP of 24/7 operations Ben Treynor Sloss detailed how demanding and long was the procedure to fix the vulnerability. "For months, hundreds of engineers across Google and other companies worked continuously to understand these new vulnerabilities and find mitigations for them," he blogged.
He explains that Spectre and Meltdown are actually three different vulnerabilities, one of which, — a variant of Spectre — was particularly hard to protect from.
"This set of vulnerabilities was perhaps the most challenging and hardest to fix in a decade, requiring changes to many layers of the software stack. It also required broad industry collaboration since the scope of the vulnerabilities was so widespread," wrote Sloss.