Computer chip flaws -Meltdown and Spectre processor security flaws.
What is Meltdown and Spectre ?
# Meltdown - Meltdown enables a program to read the protected kernel memory.It is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected.
# Spectre -it is a vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution,by allowing malicious processes access to the contents of other programs' mapped memory..it is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.
Who Discovered Meltdown and Spectre ?
Meltdown was independently discovered and reported by Jann Horn from Google’s Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology and Daniel Gruss, Moritz Lipp, Stefan
Mangard and Michael Schwarz from Graz University of Technology in Austria.
Spectre was discovered independently by Jann Horn from Google's Project Zero, as well as Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom.
What is their Effects ?
Meltdown is “probably one of the worst CPU bugs ever found” according to Daniel Gruss,
who discovered the flaw. It is very serious in the short term and needs immediate attention.
The problem with Meltdown is that anything that runs as an application could in theory steal your data, including simple things such as javascript from a web page viewed in a browser.
Spectre This flaw can be used to exploit how modern CPUs prioritises and order processes and interactions with kernel and cache memory, and affects all manner of devices from smartphones to cloud servers.It is harder for hack but is also more difficult to fix and can create bigger problem.
Which devices is Affected ?
Apple "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple said in blog post.
Every computing device affected by Spectre, including laptops, desktops, tablets, smartphones and
even cloud computing systems.
How to Protect Yourself ?
A group of researchers and some tech companies including Google, discovered two major
security flaws on microprocessors, or ‘chips,’ inside many computers and mobile devices.
The researchers are calling the two vulnerabilities Meltdown and Spectre.
Meltdown only impacts Intel chips.
Meltdown only impacts Intel chips.
Google’s security team said Spectre affects devices that use chips from the companies AMD and ARM as well.
What is Meltdown and Spectre ?
# Meltdown - Meltdown enables a program to read the protected kernel memory.It is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected.
# Spectre -it is a vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution,by allowing malicious processes access to the contents of other programs' mapped memory..it is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.
Who Discovered Meltdown and Spectre ?
Meltdown was independently discovered and reported by Jann Horn from Google’s Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology and Daniel Gruss, Moritz Lipp, Stefan
Mangard and Michael Schwarz from Graz University of Technology in Austria.
Spectre was discovered independently by Jann Horn from Google's Project Zero, as well as Paul Kocher in collaboration with Daniel Genkin, Mike Hamburg, Moritz Lipp and Yuval Yarom.
What is their Effects ?
Meltdown is “probably one of the worst CPU bugs ever found” according to Daniel Gruss,
who discovered the flaw. It is very serious in the short term and needs immediate attention.
The problem with Meltdown is that anything that runs as an application could in theory steal your data, including simple things such as javascript from a web page viewed in a browser.
Spectre This flaw can be used to exploit how modern CPUs prioritises and order processes and interactions with kernel and cache memory, and affects all manner of devices from smartphones to cloud servers.It is harder for hack but is also more difficult to fix and can create bigger problem.
Which devices is Affected ?
Apple "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple said in blog post.
Every computing device affected by Spectre, including laptops, desktops, tablets, smartphones and
even cloud computing systems.
Google said its Android phones - which make up more than 80% of the global market - were protected if users had the latest security updates.
Microsoft has already released fixes for many of its services.Windows users should be aware that third-party anti-virus software may need to be updated before applying operating system patches.
How to Protect Yourself ?
How to Protect Yourself From Spectre :-
Microsoft has already released an update for Windows 10 patching the vulnerability, and is releasing patches for Windows 7 and Windows 8 soon. Microsoft suggests your anti-virus might be the culprit. If so, turn off your anti-virus program and use Windows Defender or Microsoft Security Essentials
Apple: Windows security expert, noted a fix was present in a new 10.13.3 update to macOS.
Browsers: Google Chrome, Mozilla’s Firefox, and Microsoft Edge have all updated or scheduled updates to patch the security flaw. You can update Google Chrome to its latest, patched version on January 23, or download Firefox’s latest update.
Android: Android users running the most recent version of the mobile operating system are protected, according to Google.
How to Protect Yourself From Spectre :-
It’s harder to defend against the more invasive Spectre flaw. According to researchers involved in discovering and reporting on the two exploits, software updates to patch particular flaws in Spectre are possible, though none are available yet, or are able to address the exploit completely without a redesign of the operating system and the microprocessor itself.
omfg !!!!
ReplyDeleteWtf! ��
ReplyDelete