Meltdown and Spectre - Two serious Security Holes in the CPU severely
In early 2018, it looks like Intel and AMD have had a head start ... not good, especially with Intel !
What do you do when you find a security hole? Update your security patches and use Anti-Virus software, then continue using your computer? That is a good solution for most users. But believe me, this time not so easy because there are 2 very serious Security Hole has just been announced at the beginning of the New Year 2018, Happy New Year! It's the Meltdown and Specter holes. Unlike the majority of other Vulnerabilities, Spectre and Meltdown is basic errors in the structure of the CPU. It is available on ALL x86 CPU and ARM CPU, threaten billions of electronic devices worldwide. Meltdown and Spectre will sit all the world renders with the corollary. So how to protect ourselves before two scary security holes? Keep computer and smartphone stay away, turn off all electronic devices! Get out of the house and exercise, let be in harmony with nature! Your government and country will down because of the large scale Meltdown and Specter attacks if they do not turn off electronic devices! I'm just kidding, there have been no attacks involving Specter and Meltdown!So...
...What's Meltdown and Spectre
The concern is: Meltdown and Spectre vulnerability appears on the CPU since 1995
What's Meltdown?
Download the Meltdown vulnerability document
What's is Spectre?
Download the Spectre vulnerability document
You can watch an attack video using the Meltdown Vulnerability
 |
| Spectre and Meltdown vulnerability |
What do you do when you find a security hole? Update your security patches and use Anti-Virus software, then continue using your computer? That is a good solution for most users. But believe me, this time not so easy because there are 2 very serious Security Hole has just been announced at the beginning of the New Year 2018, Happy New Year! It's the Meltdown and Specter holes. Unlike the majority of other Vulnerabilities, Spectre and Meltdown is basic errors in the structure of the CPU. It is available on ALL x86 CPU and ARM CPU, threaten billions of electronic devices worldwide. Meltdown and Spectre will sit all the world renders with the corollary. So how to protect ourselves before two scary security holes? Keep computer and smartphone stay away, turn off all electronic devices! Get out of the house and exercise, let be in harmony with nature! Your government and country will down because of the large scale Meltdown and Specter attacks if they do not turn off electronic devices! I'm just kidding, there have been no attacks involving Specter and Meltdown!So...
...What's Meltdown and Spectre
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
- MeltdownAttack.com -
The concern is: Meltdown and Spectre vulnerability appears on the CPU since 1995
What's Meltdown?
 |
| Meltdown vulnerability |
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
- MeltdownAttack.com -
CVE-2017-5754 is the official reference to Meltdown.Download the Meltdown vulnerability document
 |
| Foreground: Kernel memory being read out by our meltdown proof-of-concept. Background: Actual kernel dump. Both views show identical data, the exploit is successful. |
 |
| Spectre vulnerability |
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
- MeltdownAttack.com -
CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre.Download the Spectre vulnerability document
You can watch an attack video using the Meltdown Vulnerability
Thanks to these people for discovering Meltdown and Spectre:
* Jann Horn (Google Project Zero) (for Meltdown and Spectre)
* Werner Haas, Thomas Prescher (Cyberus Technology) (for Meltdown)
* Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology) (for Meltdown and Spectre)
* Paul Kocher (for Spectre) in collaboration with:
+ Mike Hamburg (Rambus)
+ Yuval Yarom (University of Adelaide and Data61)
Some pentest tools related to Meltdown vulnerability:
* Meltdown
