Monday, March 16, 2020

What You Need to Know about Meltdown and Spectre



What are Meltdown and Spectre?


Meltdown and Spectre and are side-channel vulnerabilities that enable attacks based on information gained from the physical implementation of almost all CPUs manufactured since 1995. Essentially, normal interactions between operating system memory management and CPU optimization technologies could allow attacks that expose otherwise secure and private information.

The vulnerabilities were identified simultaneously by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz), and others.



Meltdown

Meltdown breaks the isolation between user applications and operating systems. A Meltdown attack could allow an application to access the memory, and thus information, of other applications and the underlying operation system.

Spectre

Spectre breaks the isolation between applications and allows attackers to trick otherwise normal and well-designed applications into leaking information. Some safety checks and best practices can even increase the attack surface and make applications more vulnerable to Spectre.


Is my Business Affected by these Vulnerabilities?


Yes. These two vulnerabilities can be exploited to expose any information contained in memory on almost every computing system manufactured in the past two decades, including workstations, tablets, cell phones, IoT devices, and most importantly servers hosted in collocated, virtualized, and cloud environments, such as managed cloud hosting.

Shared cloud environments are particularly vulnerable as an attack on one vulnerable virtual machine could expose the information on other environments on the same physical host. JavaScript based attacks are also possible through a web browser.

Microsoft, Apple, Arm, Google, Intel, Amazon, VMware, Citrix, various Linux providers, and Mozilla have all confirmed that their hardware and/or software is vulnerable to these attacks. Everything you and your company uses on a daily basis is vulnerable. Visit source to read more.


Contact Us:

Pathway Communications
Address: 95 Apple Creek Blvd.
City: Markham
State: Ontario
Zip Code: L3R 1C7
Phone: 416-214-6363
Email: anusha.parikh@pathcom.com
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)