Don't panic about the new 'Prime' Meltdown and Spectre CPU exploits Credit: Google/Natascha Eibl

Don't panic about the new 'Prime' Meltdown and Spectre CPU exploits

The news sounds bad at first blush: Researchers from Nvidia and Princeton University have discovered fresh ways to exploit the Meltdown and Spectre CPU vulnerabilities present in every modern computer processor. But while the new MeltdownPrime and SpectrePrime attacks prove that the initial exploits aren’t necessarily the only way to trigger the vulnerabilities lurking inside chips, everyday computer users shouldn’t freak out about them.

The new vulnerabilities pit the multiple CPU cores inside modern processors against each other and take advantage of the way memory cache access works in multi-core systems. The Register’s synopsis and the research paper have more in-depth technical details if you want them. Like Meltdown and Spectre, a successful attack can extract sensitive information, including passwords.

Now for the good news: The researchers didn’t release exploit code for MeltdownPrime and SpectrePrime. Better yet, the patches already planned for Meltdown and Spectre should protect against these new variants, too. All major operating systems released Meltdown protections as soon as the exploits were announced, Intel is starting to roll out CPU firmware updates after a disastrous first attempt, and industry leaders are tweaking compilers and how code is handled to harden other software against Spectre.

Core i7-8700K Coffee Lake Gordon Mah Ung

A variety of recent Intel processors.

Safeguarding against Meltdown, Spectre, and these new Prime variants isn’t straightforward though, as the processor flaws touch every aspect of your PC. PCWorld’s tutorial on how to protect your PC against Meltdown and Spectre can walk you through the complicated patching process. Researchers are starting to see malware probing the vulnerabilities in the wild, so you’ll also want to take additional steps to keep your data safe. Invest in solid data backup and Windows antivirus solutions if you haven’t already—they’re must-haves in today’s computing world.  

MeltdownPrime and SpectrePrime might complicate tomorrow’s computing world, though. Intel and AMD are building hardware fixes for the original CPU vulnerabilities into their next generations of processors, but these fresh attacks won’t get stopped by those, the researchers say.

“We believe that microarchitectural mitigation of our Prime variants will require new considerations. Where Meltdown and Spectre arise by polluting the cache during speculation, MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol.”

Coincidentally, Intel expanded its bug bounty program yesterday, introducing a special program for “side-channel” attacks like these that pay up to $250,000 for disclosure of new exploits.

Stay patched, friends—but don’t panic.

IDG Insider


«Essential Phone PH-1 review: Sorry, even limited-edition colors won't make it less terrible


Samsung Notebook 7 Spin review: A solid 8th-gen 2-in-1 with plenty of battery life»
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



If it were legal, would your organization hack back?