5 Jan
2018
5 Jan
'18
10:33 p.m.
On Thu, 4 Jan 2018 12:07:21 +1300, Michael Cree wrote:
Now announced as Meltdown and Spectre.
A good overview of the scope of the vulnerabilities, and the various companies’ response to them, here <https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/>. The Meltdown vulnerability isn’t entirely Intel-specific: it also affects some high-end ARM chips. But that’s almost the easy one to deal with, compared to Spectre. Another point that struck me is that Web browser vendors are deliberately degrading the accuracy of the timers available to JavaScript, to try to prevent scripts from hostile websites taking advantage of these vulnerabilities.