Meltdown and Spectre Vulnerabilities Impacting Most Modern CPUs

Today’s topics include a pair of flaws found in most modern CPUs; a Google Apps Script vulnerability exposing malware risks; Google introducing a new preemptible GPU compute option for cloud customers; and a Microsoft and Adaptive Biotechnologies partnership in AI-enabled immunology.

Google's Project Zero last week revealed details about a pair of severe Intel chip flaws, which have been branded as Meltdown and Spectre, and have widespread impact across different silicon, operating system, browser and cloud vendors.

The Meltdown flaw affects Intel CPUs, and Spectre impacts all modern processors, including ones from Intel, Advanced Micro Devices and ARM. "Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory; consequently, applications can access system memory,” according to an advisory concerning the flaw.

Spectre, meanwhile, abuses a CPU function in modern processors that use something known as "speculative execution" to maximize chip performance. It's not yet known if attackers have used either vulnerability to exploit users, and the exploitation of Meltdown or Spectre doesn't leave any evidence in traditional log files.

Security firm Proofpoint on Jan. 4 warned of a new attack vector that could enable hackers to abuse Google Apps Script to exploit cloud users. Google Apps Script is a JavaScript-based language used across the G Suite of applications that helps developers and organizations extend functionality in Google's apps.

"Proofpoint research has found that Google Apps Script … supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded," said Maor Bin, security researcher at Proofpoint. Attackers can take advantage of the Google Apps Script issue to deliver any form of malware or file to victims.

Bin said Proofpoint is not aware of any reports that the Google Apps Script issue is being actively used by attackers, adding that after reporting the flaw to Google, “they made mitigations that prevent threat actors from using it."

Google now has a preemptible GPU option that allows cloud customers to use virtual machines with graphics processing units capable of multi-teraflop performance at prices that are at least 50 percent lower than on-demand options.

With the new option, enterprises can now attach Nvidia K80 and Nvidia P100 GPUs to preemptible virtual machines on Google cloud at 22 cents and 73 cents per GPU hour, respectively.

The GPU-accelerated computing option is meant for organizations looking to run machine learning, medical analysis, scientific simulations, video transcoding and similar applications in the cloud that require a lot of processing power. Such customers can now get the computing resources they need at much cheaper prices than before, so long as they don't require it to run continuously for more than 24 hours.

Microsoft and Seattle-based immuno-sequencing company Adaptive Biotechnologies announced Jan. 4 that they are partnering to use artificial intelligence to "decode the human immune system" and develop ways to diagnose specific diseases with a simple blood test. Eventually, they hope to develop a universal diagnostic that can detect a wide range of illnesses.

The initiative combines Adaptive Biotechnologies' innovations in human immune system sequencing with Microsoft's cloud computing and machine learning technologies. The project's aim is to create a universal T-cell receptor antigen map, using vast amounts of genomic data that will require AI systems and massive cloud computing resources to decipher.

Peter Lee, corporate vice president of Microsoft AI and Research, said, "This universal map of the immune system will enable earlier and more accurate diagnosis of disease and eventually lead to a better understanding of overall human health.”

Top White Papers and Webcasts