Intel Releases Patch For Spectre and Meltdown – Apple, Google, Microsoft, Amazon Measure No Significant Performance Degradation For Vast Majority Of Use-Cases
Intel has rolled out a press release stating that it has successfully developed and issued updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero and all 3 known attack variants.
Intel will release Spectre and Meltdown patch for 90% of processors introduced in the last 5 years by the end of next week
Since the bug was reported back in June of last year, the companies have had ample time to prepare their defenses before information about the security flaw was revealed to the public. However, the information dissemination happened a little bit prematurely and there were concerns that the companies might not have had time to fully patch things over. Thankfully, it appears that's not the case as Intel has already rolled out updates which it states make it "immune to the Meltdown and Spectre exploits.
Intel has also stated that it will have covered 90% of processors introduced in the last 5 years by the end of next week - which should cover most of the cloud and datacenter ecosystem where these attacks could potentially cause the most damage. Here's a snippet from the presser:
Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.
Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.
Soon after the initial PR, Intel also rolled out statements from 4 of its biggest clients, namely Google, Amazon, Apple and Microsoft, all 4 of whom have stated that they are witnessing little to no impact on the vast majority of their cloud workloads. This still means that there will be significant performance impact on a small minority of use cases, but so far things are starting to look good for the industry in general.
Apple: “Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.”
Microsoft: “The majority of Azure customers should not see a noticeable performance impact with this update. We’ve worked to optimize the CPU and disk I/O path and are not seeing noticeable performance impact after the fix has been applied.”
Amazon: “We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads.”
Google: “On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.”
The Spectre bug which exploits a new class of vulnerabilities in nearly every single modern processor to date will continue to haunt enterprise security for some time and it is probable that new attack vectors (apart from the initial 3 discovered by the Google team) will be discovered with time but so far the impact seems to be fairly within control of the company. We are expecting extensive benchmarks from sister publications after the Windows patch has been applied, you can check out Linux benchmarks over here (hint: the general user will see no difference in performance).