Meltdown and Spectre security flaws in INTEL AMD ARM put All device at Risk.Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices, and ARM Holdings.
What is Meltdown And Spectre Security Flaws
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage Meltdown and Spectre of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
These Meltdown and Spectre vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Methods and Types of Attack
The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade, The Register reported citing unnamed programmers, allowing users of normal applications to discern the layout or content of protected areas on the chips.
That could make it possible for hackers to exploit other security bugs or, worse, expose secure information such as passwords, thus compromising individual computers or even entire server networks.
Two Vulnerability target specific processor
The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD, and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.
How to Secure Yourself From Meltdown And Spectre Security Flaws
The researchers said Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown Spectre. Microsoft said in a statement it had no information suggesting any compromised data but was “releasing security updates today to protect Windows customers against vulnerabilities.” Apple did not immediately return requests for comment.
Comment from Security Researcher
Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it probably one of the worst CPU bugs ever found” in an interview with Reuters.
Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices.
So be safe and be careful and for tech news check our other blogs