Only days into 2018, and already new major security vulnerabilities have been disclosed. Referred to as “Meltdown” and “Spectre,” these weaknesses could affect the majority of computers, servers and mobile devices running Intel’s x86, x64 or ARM processors manufactured within the past 10 years, with some reports claiming that anything produced after 1995 could be impacted.
The vulnerabilities allow regular applications to access the protected memory in the kernel. A kernel is the core of an operating system. It’s a process that handles the most sensitive tasks in your system, making it one of the most serious attack vectors in modern operating systems. An attacker could potentially use legitimate software to read passwords stored in the kernel memory, private encryption keys, files cached from the hard drive and more.
Intel issued a statement indicating that they do not believe they are the only manufacturer affected, saying “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
Recommendations
Many of the technical details and possibly widespread effects are still unclear. Since the vulnerabilities are at the hardware level, the only possible fix would be a security patch at the software level (applied to the operating system). It has been reported that patches for several Linux distributions have become available, and Microsoft has just released an out of band patch for Windows 10 (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892).
While best practices should always be followed when installing software from the internet; extra caution should be used when installing untrusted or unsigned software during this time.
This threat is still evolving and we’ll keep you updated as needed when more information becomes available. As always, if you have any questions or concerns, don’t hesitate to reach out to us!