Meltdown and Spectre: Chip Vulnerabilities CouldFacilitate Memory Leaks
Most modern processors, regardless of operatingsystem, are affected by vulnerabilities.
A series of newly discovered vulnerabilitiesaffecting processor chips could permit attackers to gain unauthorized access toa computer’s memory. Dubbed Meltdown and Spectre, the vulnerabilities affectnearly all modern processors and can only be mitigated through operating systempatches.
Of the two, Meltdown poses the greatest threatbecause it is easier to exploit and affects all kinds of computers, includingpersonal computers and virtual machines in the cloud. Symantec is not aware ofeither vulnerability being exploited in the wild.
All of these malicious activities can be blockedby Norton products. Nevertheless, users are advised to apply operating systempatches as soon as they are made available.
Both Meltdown and Spectre exploit flaws inprocessors in order to bypass memory isolation in the operating system.Operating systems are designed in a way to block one application from accessingmemory being used by another. If memory isolation fails to work, a maliciousapplication could steal information from memory being used by otherapplications.
What is Meltdown?
Meltdown (CVE-2017-5754) exploits a flaw inout-of-order execution, a performance feature found in many modern processorchips. The researchers who discovered it have confirmed that it affects everyIntel processor since 1995 (with the exception of pre-2013 Intel Itanium andIntel Atom processors). However, they added that it remains unclear whether ARMand AMD processors are also affected by the vulnerability.
If successfully exploited, an attacker canobtain a copy of the entire kernel address space, including any mapped physicalmemory, in other words, any data stored in memory at the time of the attack.
Meltdown can be exploited regardless of theoperating system a computer is running. It affects both individual computersand any computers hosting cloud services, meaning an attack on a single servercould lead to the compromise of multiple virtual machines running on thatserver.
Exploitation against cloud services ispotentially the most worrying scenario, since the Meltdown can be exploited ona virtual machine in order to access memory from the host machine. Attackerscould potentially buy space on a vulnerable cloud service and use it to stagean attack against other customers using the same host.
What is Spectre?
Spectre (CVE-2017-5753 and CVE-2017-5715) has asimilar outcome but works in a slightly different way, and exploits a flaw inprocessor design to trick an application into leaking information stored inmemory.
According to the team who discovered Spectre,virtually all modern processors are affected by the vulnerability, includingIntel, AMD, and ARM chips. Once again, the vulnerability is operating systemagnostic.
Users are advised to apply operating systempatches immediately. Patches have already been released for Microsoft Windows,Apple macOS, and Linux to patch Meltdown. Spectre is reportedly more difficultto patch but also more difficult to exploit. Work is underway to hardensoftware against any potential exploits.
Operating system vendorshave already warned that patching is likely to have a performance impact onaffected computers. According to Microsoft, the impact may not be noticeable onmost consumer devices, however the specific impact “varies by hardwaregeneration and implementation by the chip manufacturer.” The developers of theLinux patch said average performance could decline by 5 percent, but instancesof a 30 percent decline were observed.
THERE ARE SO MANYDIFFERENT KINDS OF DIGITAL THREATS TO YOUR CUSTOMERS.
Fortunately, there’s onepartner for all your digital safety needs.
Millions of peopleeverywhere have come to trust their devices to Norton.