Meltdown & Spectre discoveries credited to 22-year-old German genius

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

The identification of the "Meltdown" and "Spectre" vulnerabilities in Intel- and ARM-based processors — including chips used in Apple's Macs, iPhones, and iPads — can be credited almost entirely to a Google security researcher in his early 20s, Jann Horn.

Originally from Germany, Horn now works in Zurich, Switzerland with Project Zero, Google's zero-day team, Bloomberg noted on Wednesday. He's said to have discovered the issues while working alone, beginning in April, when he was reading Intel processor manuals to make sure chips could handle code he'd written.

It's in reading about speculative execution that Horn realized that sensitive data was being kept in memory and could potentially be accessed by clever hacking. After talking to a fellow Google researcher, he arrived at the idea of tricking a processor into unusual speculative executions that could be used to fetch specific data.

Horn eventually told Intel, ARM, and AMD about the situation on June 1. By the time Meltdown and Spectre were announced to the public this January, Horn was given lead credit.

Accounts differ on the amount of contact between Horn and Intel. At a conference in Zurich on Jan. 11, Horn said that after his initial data sharing, there was no discussion until Intel called him in early December to confirm other researchers had found the same issues. A Google spokesman, Aaron Stein, insists however that there was much more chatter.

"Jann and Project Zero were in touch with Intel regularly after Jann reported the issue," Stein told Bloomberg.

Apple has already released several related security fixes, with more in the works. It's nevertheless facing multiple lawsuits, as are companies like ARM and Intel.