Google’s Project Zero team discovered a serious flaw that can let hackers to steal down passwords, encryption keys and system information from the system memory. They have disclosed a detailed article on their blog stating that the major issue arose due to a ‘speculative execution‘- a technique used by modern processors.
Jann Horn, the Project Zero researcher manifested that hackers can take advantage of this serious security flaw.
The speculative execution is a method which is widely used by the modern processors in order to optimize the performance. A speculative execution does the job of performing tasks which are not needed. It executes the tasks based on assumption, if the tasks are needed then it alters the changes and vice versa.The main objective of this speculative execution is to support concurrency, if the resources are available.
This security flaw can let the malicious people access the system memory which is usually inaccessible.
Spectre and Meltdown
The Meltdown and Spectre are the two similar security flaws that affect the chip level architecture of the major chip set makers such as Intel, AMD, and ARM.
” These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them. “
This flaw allows the attacker to access the low-level kernel and steal away the sensitive information. Usually, the low-level kernel holds all the sensitive information which is protected from program access, user access and it does not allow any applications to overwrite this layer. Any attack is impossible to be revealed at this layer since the attack does not leave traces.
The Meltdown flaw affects only the Intel family processors and looks like it can be controlled after the patches are released whereas the Spectre affects the majority of the processors and it seems a difficult to patch though.
Both the flaws has put forth the majority of personal computers, servers and cloud computing to risk.
Intel: The security flaw with the Meltdown affecting the chip sets for over two decades. Though they confirmed that the exploits do not have the potential to corrupt, modify or delete data.
AMD: AMD researcher confirmed that its chip sets are not affected by meltdown flaw. AMD has not released any details on how they mitigate the issues.
Apple: Apple designing their own chip sets and Operating systems for mobile devices but they rely on chip sets from Intel and AMD. The company has released patched iOS against the Meltdown flaws. Apple has confirmed that the Safari browser will get an update to avoid this problem.
Amazon: Amazon rolled out several patches for its Amazon Web Services against Meltdown attacks. And the patches seems not to impact on the performance since their roll-out.
Google: Google releasing various updates to mitigate the issues.
How to protect yourself?
- Update your device Operating System.
- Download and install the updates from the PC’s manufacturer.
- Ensure your internet browser is up to date.