meltdown spectre kernel vulnerability

Meltdown and Spectre vulnerability : All you need to know & how to protect yourself

What are Spectre & Meltdown?

Hacking was never limited to software or programming language only, an error in the output of one logic gate out of millions present in standard processors can be very dangerous too.

Speculations about the major bug in Intel processors were there among tech experts and finally, it has been released, Two major vulnerability found by security researchers disclosed by the Google project zero team, two creative names for the vulnerability are given Meltdown and Spectre.

Most importantly these flaws affect nearly every device made in the past 20 years and could allow attackers to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain keystrokes, passwords, and other valuable information.

Meltdown affects Intel processors and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

It works differently from Meltdown, Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. This is a trickier one to pull off, but because it’s based on an established practice in multiple chip architectures, it’s going to be even trickier to fix.

The impact of these vulnerabilities is an attacker who can run code on a computer can potentially gain access to memory space outside the bounds of its normal authorization.

According to security researchers, Meltdown can be fixed partially by some software hacks, but spectre need a hardware level optimization, it will take a significant time to fix it and there is no other way out.

Work has already been started, security researchers are releasing their updates on these bugs. Many updates are coming in future from Intel, many debates are happening on slowing down of Intel processors through the coming updates.

 “Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time,” says Intel. “While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.”


How To Protect Yourself

  1. Update your operating systems with the latest patches

Windows, Apple, and Amazon all are working on some software hack to minimize the effect as much as possible.

      2. Update your browsers

Follow browser recommendations(chrome, Firefox,IE) to mitigate the impact of these bugs on your systems, Firefox 57 has mitigation in place, chrome 64 will have mitigation (release targeted on 23 January).

Use vaults, Vault gives you the option to securely synchronize passwords across browsers using native browser extensions. The extension helps you auto-fill passwords and automatically log in to websites and web applications.Funds to which you do not need immediate access should be placed in a vault.The vault will enforce multi-party approval and a time locked withdrawal process that is resistant to an attacker even if they have full account access.

These are major architectural level bugs hence frankly there is no way to get instant solutions for these bugs, hence be aware of the latest coming, backup all important data, be safe there is lot more to

Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *