Security experts worldwide are melting down over Meltdown and feeling haunted by Spectre. Those are the names security researchers have given two massive, newly discovered security flaws that affect central processing units at the chip level, meaning nearly all computers are at risk no matter what kind of operating system they run, TechCrunch reports. The bugs, discovered by researchers from Google's Project Zero team and independent other teams, exploit flaws in computer architecture that make it possible for malicious software to steal information from other programs, according to a website set up by researchers to explain them. The researchers had planned to wait until fixes were available next week before disclosing the flaws, but they released them early after a tech site revealed the vulnerabilities, the AP reports.
The flaws differ in some ways: Meltdown, which breaks through barriers protecting computer memory, affects only Intel chips and works in a way that makes cloud computing especially vulnerable, while the Spectre technique, which is harder to exploit but can trick other applications into revealing information, affects just about everything with any sort of chip in it. Analysts say a patch for Meltdown could slow CPUs down by up to 30%, while there is no known fix for Spectre, which could require a major chip redesign. Researcher Paul Kocher, part of the team that discovered the bugs, tells the New York Times that focusing on improving speed in new chips resulted in design flaws. "We’ve really screwed up," he says. "There’s been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows that you cannot have both." (More computer security stories.)