Nvidia’s latest software update helps protect your system from ‘Spectre’

GTX 1070 Ti

Nvidia is coming to the rescue, to help protect your system against the Spectre exploit. Or more specifically, to make sure its drivers can’t be used against you.

Here’s the thing about Spectre, it’s a hardware-level exploit, so rolling out a security patch isn’t as easy as it would be if they were just regular security vulnerabilities living somewhere on your computer. Patching this thing involves patching all the pathways someone could potentially take into your system.

Spectre and Meltdown take advantage of “speculative execution” to gain access to the beating heart of your operating system, its kernel. Because of that, manufacturers have had to roll out some tricky firmware updates, which insulate your system against the Spectre and Meltdown exploits.

The new Nvidia drivers make sure your GPU and its software are protected against “speculative side-channel vulnerabilities.” Nvidia accomplished this by effectively making sure your GPU can’t be used as a pathway into your operating system’s kernel.

Nvidia identified three main components of the Spectre exploit, and this patch — which you can and should go get now if you have an Nvidia graphics card — addresses two of them. The third version of the exploit shouldn’t be an issue, Nvidia says.

“At this time, Nvidia has no reason to believe that Nvidia software is vulnerable to this variant when running on affected CPUs,” the patch notes read.

To be clear, Nvidia’s hardware isn’t vulnerable to these exploits. Meltdown and Spectre are CPU exploits, not GPU exploits. This patch effectively shuts the door on Spectre by making sure it can’t be used to take advantage of the close relationship between your GPU, its drivers, and your operating system’s secure kernel.

The Meltdown and Spectre exploits were revealed by Google’s Project Zero security team. The exploits were actually uncovered in 2017 and Google’s team notified vendors who might be in the business of selling potentially vulnerable products.

“As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data. We have updated our systems and affected products to protect against this new type of attack,” Google’s Project Zero team reported. “We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web.”