How Meltdown and Spectre can affect you

By docubank_expert data security, vulnerability, IT infrastructure Comments

In January, cyber-world was spinning around two critical CPU vulnerabilities called Meltdown and Spectre. They are both hardware bugs that can allow attackers to steal information from the memory of other programs. Both Intel, AMD, and several other brands are included in one or the other attack. Attention started to focus on the problem after Intel was included in Meltdown related situations, but with the appearance of Spectre AMD and AMR were involved as well. Emergency system updates were released shortly afterwards by Microsoft, and Amazon for their cloud services so the threats would be eliminated as quickly as possible. System updates are also available by Microsoft and patches came out for OS and Linux for their individual users.

Explaining Meltdown and Spectre

The problem lies with modern processors, which use a technique to help and optimize performance. They try to predict future instructions that will be given to them next. Then they queue up and execute the necessary bits of codes, so they can stay ahead of the game. However, when they make wrong guesses they can undo these speculative codes, but they can leave behind pieces of data that can be accessed later.

Meltdown and Spectre exploit this method and abuse it by allowing malicious programs to get access to data that should have been kept secret.

Meltdown can read the contents of private kernel memory from an unprivileged user. This vulnerability is included in almost all of Intel processors released since 1995, with only some exceptions. Spectre can extract information from other running processes. The affected processors include Intel, ARM, and AMD. It is harder to patch than Meltdown, however, fixes have already been made.

For now, the best is not to panic and take security system updates and other measurements into count. Test, implement and use firmware updates as they are made available, to avoid further complications that can be originated from these two vulnerabilities. On the downside, the patches might impact performance in a negative way, but vendors are insisting they should be insignificant to the average user.

You might also be interested in:

A message that can crash any iPhone

Join Our Mailing List!

Sign-up today to receive our DocuBank newsletter and stay informed about our solutions and services, plus get exclusive content and product discounts.