techyuga black logo
GET A CALLBACK

What Is Meltdown And Spectre Security Flaws? A breach in INTEL AMD ARM Processor.

amazon banner
Meltdown and Spectre

Meltdown and Spectre security flaws in INTEL AMD ARM   put All device at Risk.Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices, and ARM Holdings.

meltdown and spectre security flaws

 

What is Meltdown And Spectre Security Flaws

 

Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.

The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage Meltdown and Spectre of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

These Meltdown and Spectre vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

 

Methods and Types of Attack

 

To take advantage of this Meltdown And Spectre an attacker first must be able to run malicious code on the targeted system.
The Project Zero researchers discovered three methods (variants) of attack, which are effective under different conditions. All three attack variants can allow a process with normal user privileges to perform unauthorized reads of memory data, which may contain sensitive information such as passwords, cryptographic key material, etc.
In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions. It is possible for this speculative execution to have side effects which are not restored when the CPU state is unwound, and can lead to information disclosure.

The defect affects the so-called kernel memory on Intel x86 processor chips manufactured over the past decade, The Register reported citing unnamed programmers, allowing users of normal applications to discern the layout or content of protected areas on the chips.

That could make it possible for hackers to exploit other security bugs or, worse, expose secure information such as passwords, thus compromising individual computers or even entire server networks.

 

Two Vulnerability target specific processor 

 

The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD, and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

How to Secure Yourself From Meltdown And Spectre Security Flaws

 

The researchers said Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown Spectre. Microsoft said in a statement it had no information suggesting any compromised data but was “releasing security updates today to protect Windows customers against vulnerabilities.” Apple did not immediately return requests for comment.

Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
AMD chips are also affected by at least one variant of a set of security flaws but that it can be patched with a software update. The company said it believes there “is near zero risk to AMD products at this time.

Comment from Security Researcher 

 

Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it  probably one of the worst CPU bugs ever found” in an interview with Reuters.

Gruss said Meltdown was the more serious problem in the short term but could be decisively stopped with software patches. Spectre, the broader bug that applies to nearly all computing devices.

So be safe and be careful  and for tech news check our  other blogs 

Share On

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
brave browser

Get Our Awesome Tips Directly In Your Newsfeed. Like Us On Facebook.

You May Also Like

Leave a Comment

Your email address will not be published. Required fields are marked *

Share With Love

Share this page with your friends and family and help them find support whenever they need it. 

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on whatsapp
WhatsApp
Techyuga deals with repairing laptops, smartphones & others. Selling of laptop & smartphone parts and Selling of refurbished devices.
Facebook-f
Twitter
Youtube
Instagram
Pinterest
Linkedin
Medium

Laptop Repair

Phone Repair

About

Other Pages

Techyuga™, 2020. © All rights reserved

Designed By WebAdiz

Brave Browser

UPTO 70% FASTER

Download World's Fastest Browser Ever

CHECK NOW