What vulnerabilities ? 
Meltdown and Spectre are three variants of flaws which exploit the vulnerabilities from the processors allowing potential hackers to steal every data. Your passwords, photos, e-mails or sensitive documents, whether personal or professional, are likely to be affected.
Who’s affected ? 
Far from having been discovered recently, it has been revealed last month. If the Meltdown vulnerability only affects Intel processors, the Spectre flaw affects all processors that have been in circulation for several years, including in smartphones or tablets, even in the cloud, depending on the provider’s infrastructure.
Intel, AMD, Dell, IBM, Huawei, Apple or Microsoft… Manufacturers of operating systems or software editors are concerned. Likewise, all users are affected.
Have they been exploited ?
The trend is optimistic : it’s insured that these flaws have not been exploited. But, since they concern all the processors, it’s quite conceivable that their exploitation took place for several years, even before their discovery. And that, without us being able to be informed.
What’s proposed to secure these flaws ? 
From the implementation of plasters on the software and operating systems to the modifications of the microcode of the processors, patches have been deployed. It is recommended to download the latest updates on the different devices which include patches, but it would considerably slow their performances. In addition, Intel has suspended the distribution of the patches because of some untimely restart of the devices.

In legal terms ? 

Class actions follow one another. Three separate class-action lawsuits have been filed against Intel in California, Oregon and Indiana on the basis of the breach of the disclosure requirement. The late communication of Intel on the extent of the flaws known for over a year has nothing to please users. AMD isn’t left out and is also concerned because of their communication which minimized the impact of faults on their systems. Consumers will probably not be the only ones to ask for compensation. Cloud providers, like Google or Amazon, are also affected because any software or hardware fixes will have an impact on their operating capacity and therefore on their competitiveness.

A propos de Chloé NIEDERGANG