"It also casts Intel's denials of a warning by Theo de Raadt that flaws in the Core 2 architecture could be exploited in a new light. " ...... suggesting that they are even more serious than they originally discovered/thought/were told?

Yes, I Think so whenever you can compromise the CPU right through to ITs Cores. Seems like the only way to Solve that is to Parachute in Crack Code Special Forces and/or Pay the Hack whatever IT Needs ....... for Further XXXXPloration of what would be Myriad Possibilities/Vulnerabilities/Opportunities.

And if the Truth be Told, that would be the Cheapest Option by a Very Long Way. Anything Else has the Possibility, and I would even Share the More Definite Probability, of Costing an Absolute Fortune. And if the Truth be further told, that would not even be a Cost, it would be an Astute Investment that would make Absolute Fortunes.

All code must be compiled into machine code before it can be executed, including Javascript.

I think your misconception comes from the fact that not all types of code are pre-compiled (or in other words, converted into a ".exe" file). Javascript and PERL are two well-known examples of these languages. These are still compiled, however, at runtime.

By knowing how these compilers will react to certain bits of code, it is theoretically possible to exploit bugs at the hardware level.

There is no executable code in a TCP/IP packet. This is pure simple fact. The code becomes executable by exploiting code that processes and propagates the packets. Therefore any of these bugs are obviously patchable within the TCP/IP stack. So forget that angle of attack. The operating system vendors should be made aware of the problem of course though.

There is no executable code in either Java or JavaScript. It has to be interpretted or compiled by the system to be executed. Both Java and JavaScript interpretters/compilers are developed by vendors whom work around operating system security holes all the time. There's just no point in making a deal about this. Just patch the holes and all is good.

Let me also point out that taking advantage of JIT compilers can be used to compromise processors without bugs as well.

So, would someone please tell me how this is an issue?

"All code must be compiled into machine code before it can be executed, including Javascript."

Nonsense. There are plenty of language implementations that are pure interpreters. They may tokenize source as they parse it, and then operate on the token stream; but the only machine code that's executed is that of the interpreter itself.

CPUs only execute machine code, but it is possible, indeed common, to build programming-language implementations that don't execute directly on the CPU.

And nothing in the ECMAScript standard demands that it be JIT-compiled.

That was bound to happen eventually...

So I'm more concerned about the claim that the CPU is causing damage to the hard drives. I can't say I'm surprised that something was found to be screwing up harddrives - although I'll admit to being surprised it is the CPU.