Get in touch now on

+61 7 3480 5121

Two severe vulnerabilities found in Intel’s hardware
04 January, 2018
This post was originally published on this site

Two severe vulnerabilities have been discovered in Intel chips, either of which could enable attackers to seize sensitive information from apps by accessing the core memory. The first vulnerability, Meltdown, can effectively remove the barrier between user applications and sensitive parts of the operating system. The second vulnerability, Spectre, also found in AMD and ARM chips, can trick vulnerable applications into leaking their memory contents.

Applications installed on a device generally run in “user mode,” away from the more sensitive parts of the operating system. If an app needs access to a sensitive area, for example the underlying disk, network, or processing unit, it needs to ask permission to use “protected mode.” In Meltdown’s case, an attacker could access protected mode and the core memory without requiring permission, effectively removing that barrier — and enabling them to potentially steal data from the memory of running apps, such as data from password managers, browsers, e-mails, and photos and documents.

In practical terms, that means arbitrary memory can be read using Meltdown. This can include passwords, encryption keys, logins, credit card information, and much more. With Spectre, on the other hand, the memory of a (vulnerable) application can be read. So for example, if you visit a website, JavaScript code on the website can read the logins and passwords that are stored in your browser’s memory.

Using #Meltdown to steal passwords in real time #intelbug #kaiser #kpti /cc @mlqxyz @lavados @StefanMangard @yuvalyarom

— Michael Schwarz (@misc0110) January 4, 2018

Meltdown and Spectre are hardware bugs, so patching can be quite tricky. Patches against Meltdown have been issued for Linux, Windows, and MacOS, but work is still on the way to harden applications against Spectre. You can find more information here.

In the meantime it is important, as

read more ...

What our
Clients say

Product Finder

Search for products that match of these criteria:

 + Add row
System Diagnostic

  • Do you have five or more computers?
  • Do you have a server?
  • Is your data critical to your business?
  • Do you think IT could perform better?
  • Are you concerned about your IT security?
  • Do you need to be kept up to date?
  • Would you like your IT maintained?
Product Finder

Search for products that match of these criteria:

 + Add row



Phone:07 3480 5121

Address: 8 - 37 Flinders Parade, North Lakes

QLD 4509 Australia

Post: PO Box 128, Burpengary

QLD 4505 Australia