[Update 01/08: Apple releases new security update to protect Safari against the Spectre attack]
In case you have missed recent media reports, a security vulnerability in Intel and other tech companies’ CPUs has been discovered that affects nearly every major platform.
Named Meltdown and Spectre, the security vulnerabilities allow programs to steal data, which is currently processed on the computer. As MacRumors has reported, the companies involved have began to make statements about the issue.
For those concerned about how the vulnerability might affect them, spectreattack.com has put together a Q&A with extensive information about the bug including which systems are affected and what can be done, as well as more technical information about Meltdown and Spectre.
Below is a summary of each bug via spectreattack.com:
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
Leave a Reply