It has been confirmed that newly discovered flaws in Intel processors at the hardware level could allow programs to steal data from running applications. Normally, programs are not allowed to read data from other programs. However, malware exploiting these new vulnerabilities can read data from the memory of currently running programs. This includes confidential information such as business-critical documents, passwords, login details, encryption keys, etc. The vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).
The two differ in how they work. Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.
It should be noted that cloud providers that use Intel CPUs for virtualization without patches applied, and hypervisor systems such as VM hosting servers that rely on containers sharing one kernel, will be particularly affected by both vulnerabilities.
- Meltdown affects every Intel processor which implements out-of-order execution, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).
- Spectre, on the other hand, affects all modern processors capable of keeping many instructions in flight. Essentially, almost every system, from desktops, laptops, cloud servers and VM hosts to smartphones, is vulnerable. It has been tested and verified on Intel, AMD and ARM processors.
Note that unlike typical malware exploits, which can leave traces in log files, Meltdown and Spectre do not leave any trace, making it more difficult to determine if a system is already infected.
Securing against Meltdown and Spectre
Patches are being built and deployed for all major operating systems by their respective developers. This includes Linux, Windows and OS X. Follow the links below to obtain security patch updates and mitigations.
- Microsoft Servers - https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s
- Microsoft Workstations - https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892
- Red Hat Linux - https://access.redhat.com/security/vulnerabilities/speculativeexecution
- Apple OS X - https://support.apple.com/en-us/HT208331
- Android - https://source.android.com/security/bulletin/2018-01-01
- ARM - https://developer.arm.com/support/security-update
- VMware - https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
Note, however, that these patches have been reported to degrade system performance by a notable percentage. Even so, it is more advisable to secure your system than to leave it vulnerable.
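
After patching a Linux host, the kernel's own mitigation report can be checked for the three CVEs named above. The script below is an added example, not taken from any of the linked vendor advisories; it assumes a kernel recent enough to expose /sys/devices/system/cpu/vulnerabilities, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: summarise Meltdown/Spectre status as reported by a Linux kernel.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities.

# classify_status LINE: map a sysfs status line to a coarse state.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_mitigations [DIR]: print one line per CVE and return 1 if any
# entry is vulnerable, unreadable or not reported by the kernel.
check_mitigations() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in "meltdown:CVE-2017-5754" \
                "spectre_v1:CVE-2017-5753" \
                "spectre_v2:CVE-2017-5715"; do
        name="${pair%%:*}"
        cve="${pair#*:}"
        if [ -r "$dir/$name" ]; then
            raw="$(head -n 1 "$dir/$name")"
            state="$(classify_status "$raw")"
        else
            # A missing file usually means the kernel predates the fixes.
            raw="(not reported by this kernel)"
            state="unknown"
        fi
        printf '%-14s %-11s %-13s %s\n' "$cve" "$name" "$state" "$raw"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Check the live system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_mitigations
fi
```

The non-zero return value makes the check usable in a configuration-management or monitoring job that flags hosts where a patch was installed but the mitigation is not active.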