Spectre and Meltdown Security Flaws

Spectre_with_text

So what exactly is Sprectre and Meltdown and how will it affect you? As you may know, computers run on processors, or chips, either by Intel, AMD and ARM. Any device that contains these chips are vulnerable. Both Meltdown and Sprectre most likely will not be detected by Antivirus software because it exploits vulnerabilities of how software interacts with the hardware. Spectre and Meltdown affects every major operating system to date, inlcuding, Windows, Linux, and Apple, as well as virtualization software. Because the way that embedded systems interact with the hardware, most embedded IoT, (Internet of Things) devices, as well as QNX operating system is not affected.

What is Meltdown?

Meltdown is a vulnerability that affects desktop, laptops and cloud computers, or basically any device with an Intel processor that supports out-of-order execution which is pretty much every processor developed since 1995. Meltdown does not appear to affect AMD or ARM based processors at this time.

What is Spectre?

Spectre is a vulnerability that that affects almost every system out there, such as desktops, laptops, cloud servers, smart phones and tablets. Or, pretty much any processor that supports many instructions in flight, or cached instructions. Spectre has been proven to affect Intel, AMD and ARM processors.

Meltdown affects your system by allowing access to your system memory. This means passwords or any sensitive data on your system.

Spectre can trick applications into accessing specific areas in memory that would normally be protected from being accessed. Spectre is the more severe of the two as there isn’t an easy fix to the issue.

It should be noted that Spectre and Meltdown are exploits, and take advantage of how the operating systems interact with the processors themselves. It should also be noted that these exploits need to be local to the machine which makes it difficult for a driveby attack.

So What Can I do?

All major OS vendors are currently working on a fix and will provide a software update once one becomes available. Its possible that you may notice a small decrease in performance with your computer once the patches have been installed. Larger data centres or computers that are ‘kernal intensive’ will notice larger degrees of degradation with their systems.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s