I did not see a thread discussing this, so I post this in the hopes the mods pick up this story.
It has recently been disclosed that modern CPUs suffer from two critical CPU hardware bugs that allow an attacker to read kernel-protected RAM (i.e. all system RAM) from userspace. The exploits have been dubbed Meltdown and Spectre. Both exploits are clever in that they exploit a feature called speculative execution--that is, modern CPUs try to guess at which instruction is next to be fetched, and then execute said instruction.
Meltdown is an Intel and ARM problem, and can and will be fixed on all major OSes soon, at a cost of up to 30% performance hit. Spectre is more problematic as all CPUs that have speculative execution built in are vulnerable because the hardware engineers assumed (incorrectly!) that kernel memory was properly sequestered from userland processes at the hardware level.
What this all means is that as long as an attacker can run userland code, an attacker could use either bug to leak all kernel-mapped memory, leaking encryption keys, passwords, etc.
Meltdown will be fixed soon, while Spectre requires new hardware. So everyone, update your phones, tablets, PCs, and be vigilant about what you do and download online.
Sources
https://www.nytimes.com/2018/01/03/business/computer-flaws.html
https://twitter.com/nicoleperlroth/status/948684376249962496
Update
Apparently certain ARM architectures are also vulnerable to Meltdown or a Meltdown-variant (as ARM calls it). The following architectures are affected: Cortex A75 (Meltdown); Cortex A72, Cortex A57, Cortex A15 (Meltdown-variant). Users with affected Cortex cores (cell phones mostly) are advised to update their OSes once security updates are rolled out.
Source: https://developer.arm.com/support/security-update
Last edited by sansnumen,
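For the ARM cores listed in the update above, an added example (not part of the original post) that checks the text of a Linux /proc/cpuinfo against that list. The CPU part numbers are ARM's MIDR values and do not appear in the post; the function name and the sample input are constructed for illustration.

```python
import os
import re

ARM_IMPLEMENTER = 0x41  # "CPU implementer" value used by ARM Ltd. designs

# MIDR part numbers (assumption: not given in the post) for the cores it lists,
# with the status the post attributes to each.
AFFECTED_PARTS = {
    0xD0A: ("Cortex-A75", "Meltdown"),
    0xD08: ("Cortex-A72", "Meltdown-variant"),
    0xD07: ("Cortex-A57", "Meltdown-variant"),
    0xC0F: ("Cortex-A15", "Meltdown-variant"),
}

FIELD = re.compile(r"^(CPU implementer|CPU part)\s*:\s*(0x[0-9a-fA-F]+)\s*$")

def affected_cores(cpuinfo_text):
    """Return {core name: status} for listed cores present in cpuinfo text."""
    found = {}
    implementer = None
    for line in cpuinfo_text.splitlines():
        if not line.strip():
            implementer = None  # blank line ends one processor block
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), int(m.group(2), 16)
        if key == "CPU implementer":
            implementer = value
        elif implementer == ARM_IMPLEMENTER and value in AFFECTED_PARTS:
            name, status = AFFECTED_PARTS[value]
            found[name] = status
    return found

# Constructed sample: a big.LITTLE phone SoC with Cortex-A53 and Cortex-A72 cores.
SAMPLE = (
    "processor\t: 0\nCPU implementer\t: 0x41\nCPU part\t: 0xd03\n\n"
    "processor\t: 4\nCPU implementer\t: 0x41\nCPU part\t: 0xd08\n"
)

if __name__ == "__main__":
    path = "/proc/cpuinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    hits = affected_cores(text)
    for name, status in sorted(hits.items()):
        print(f"{name}: {status} - install OS security updates")
    if not hits:
        print("No core from the listed ARM set found")
```

An empty result only means none of the four listed ARM cores was found; it says nothing about other CPUs.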