Meltdown & Spectre Security Vulnerabilities Affect Nearly All Devices

 |   |  Security
Meltdown & Spectre Security Vulnerabilities

Only days into 2018, and already new major security vulnerabilities have been disclosed. Referred to as “Meltdown” and “Spectre,” these weaknesses could affect the majority of computers, servers and mobile devices running Intel’s x86, x64 or ARM processors manufactured within the past 10 years, with some reports claiming that anything produced after 1995 could be impacted.

The vulnerabilities allow regular applications to access the protected memory in the kernel. A kernel is the core of an operating system. It’s a process that handles the most sensitive tasks in your system, making it one of the most serious attack vectors in modern operating systems. An attacker could potentially use legitimate software to read passwords stored in the kernel memory, private encryption keys, files cached from the hard drive and more.

Intel issued a statement indicating that they do not believe they are the only manufacturer affected, saying “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

Many of the technical details and possibly widespread effects are still unclear. Since the vulnerabilities are at the hardware level, the only possible fix would be a security patch at the software level (applied to the operating system). It has been reported that patches for several Linux distributions have become available, and Microsoft has just released an out of band patch for Windows 10 (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892).

While best practices should always be followed when installing software from the internet; extra caution should be used when installing untrusted or unsigned software during this time.

This threat is still evolving and we’ll keep you updated as needed when more information becomes available. As always, if you have any questions or concerns, don’t hesitate to reach out to us!

Leave a Reply

Your email address will not be published. Required fields are marked *

Eric Monda

Eric Monda

Eric Monda is an IT Security Analyst and has been with ADNET Technologies since 2006. His extensive experience in the field combined with his background in IT allow him to fully understand the technical needs of clients while providing solutions for the security issues organizations face.

Read full bio >