This access is still "safe," insofar as it doesn't introduce any programming bugs. It can speculatively try to access the Nth element while waiting for the check to finish. The Spectre problem is that the processor doesn't always wait to see if the Nth element exists before it tries to access it. Either way, the test has to be done attempts to access array members that don't exist are a whole class of bugs all on their own. Other languages, like JavaScript and Java, perform them automatically. Programmers using languages like C and C++ often have to write these checks explicitly. The one that Microsoft's compiler is addressing, known as "variant 1," concerns checking the size of an array: before accessing the Nth element of an array, code should check that the array has at least N elements in it. The "Spectre" label actually covers two different attacks. Microsoft is offering a compiler-level change for Spectre. Apple has talked about some of the updates it has made to the WebKit rendering engine, used in its Safari browser, but this is only a single application. Many of these are operating system-level fixes, some of which depend on processor microcode updates.īut Spectre isn't a simple attack to solve operating system changes help a great deal, but application-level changes are also needed.
#Microsoft spectre meltdown software#
The Meltdown and Spectre attacks that use processor speculative execution to leak sensitive information have resulted in a wide range of software changes to try to limit the scope for harm. Aurich Lawson / Getty Images reader comments 149 with
0 kommentar(er)
