(Last Updated On: January 8, 2018)

Meltdown and Spectre madness

TV networks have had headlines about two new bugs, Meltdown and Spectre on Intel platforms. As of today(5th January 2018), Apple has announced that all iPhones, iPads and Mac computers are affected by two major flaws in computer chips. We’ll give you a quick breakdown of what’s happening, whether it affects you and how to protect yourself.

On New Years day, Google reported that they’d found serious security flaws, which they dubbed “Spectre” in chips made by Intel, ARM and AMD.The “Meltdown” bugs affect Intel-made and ARM chips. Apparently the chip providers were aware of these bugs and had attempted to silently patch them. Intel CEO Brian Krzanich, quietly sold off 245,000 of his shares, in October last year.

 

Different processes running on a computer have extremely limited or no access to system memory. Meltdown allows different programs access to the system memory. A drawing program can thus have access to the passwords you type into your browser.

It’s called Meltdown because the bugs melts down security boundaries normally enforced by system hardware.

Spectre tricks other applications into accessing arbitrary locations in their memory. Using side channels, rogue programs can gain access to privileged areas of memory they wouldn’t otherwise have access to.

This bug is named Spectre because it causes speculative execution. A skilled attacker can grope around system memory looking for desirable morsels. This is a (relatively) new class of vulnerabilities. Some 3-letter agencies are probably working overtime to craft new exploits based on this bug. That is, if it’s not already old news to them.

How you can protect yourself

Patch and update all your software and operating systems immediately. Meltdown will probably be patched quickly, like a ghost, Spectre may haunt us for a while.

Technical analyses of these bugs can be found here and here. A Google blog about side-channel attacks can be found here.

 


1 Comment

Intel updates will slow down some machines - The Hacker University · January 11, 2018 at 7:54 pm

[…] The lowdown on Meltdown and Spectre […]

Leave a Reply

Your email address will not be published. Required fields are marked *


CAPTCHA Image
Reload Image
Visit Us On Twitter