Meltdown and Spectre Vulnerabilities: What You Need to Know

Microsoft, Linux, Google, and Apple started rolling out patches addressing design flaws in processor chips that security researchers named Meltdown and Spectre.

Here’s what you need to know about these flaws:

What are Meltdown and Spectre?

Meltdown, designated as CVE-2017-5754, can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS).
Meltdown affects Intel processors.

Spectre, designated as CVE-2017-5753 and CVE-2017-5715, can allow attackers to steal information leaked in the kernel/cached files or data stored in the memory of running programs, such as credentials (passwords, login keys, etc.).
Spectre reportedly affects processors from Intel, Advanced Micro Devices (AMD), and Advanced RISC Machine (ARM).

Modern processors are designed to perform “speculative execution.” This means it can “speculate” the functions that are expected to run, and by queuing these speculations in advance, they can process data more efficiently and execute applications/software faster. It’s an industry technique used to optimize processor performance. However, this technique permits access to normally isolated data, possibly allowing an attacker to send an exploit that can access the data.

What’s the impact?
Intel processors built since 1995 are reportedly affected by Meltdown, while Spectre affects devices running on Intel, AMD, and ARM processors. Meltdown is related to the way privileges can be escalated, while Spectre entails access to sensitive data that may be stored on the application’s memory space.

The potential impact is far-reaching: Desktops, laptops, and smartphones running on vulnerable processors can be exposed to unauthorized access and information theft. Cloud-computing, virtual environments, multiuser servers—also used in data centers and enterprise environments—running these processors are also impacted.

Google’s Project Zero has proof-of-concept (PoCs) exploits that work against certain software. Thankfully, Intel and Google reported they have not yet seen attacks actively exploiting these vulnerabilities so far.

So what can you do right now?
Some software updates are becoming available as well as BIOS updates.

Give us a call on 1300 431 678 or drop your computer or laptop into us at 7 Bosworth Road Woolgoolga, we will update your computer with these updates and run scans for any other threats and vulnerabilities.

Leave a Comment