The good news is that both of Open-E’s software product lines are not vulnerable to Meltdown and Spectre attacks. No wonder, the malicious software can get through to sensitive user data. At the beginning of 2018 t he Internet has dropped the bombshell regarding Meltdown and Spectre attacks (in this particular order) which has immediately electrified the entire community. Mozilla, whose team confirmed that browser-based attacks may be possible, addressed the vulnerabilities with Firefox 57.Meltdown and Spectre: Open-E software not vulnerableĬurrently there’s no one among IT enthusiasts who has not heard about the recently revealed ‘gaps’ in processor security. Nexus and Pixel devices can automatically download the update.Īpple’s macOS has been reportedly patched in version 10.13.2, while 64-bit ARM kernels were also updated. Note that patching on Android is fragmented, so users need to notify their OEMs for their availability. A separate security update for Android will also be released on January 5. They also released a Security Patch Level (SPL) for Android covering updates that can further limit attacks that may exploit Meltdown and Spectre. Google has published mitigations on the infrastructure/products that may be affected (YouTube, Google Ads, Chrome, etc.). Microsoft also issued recommendations and best practices for clients and servers. Updates/fixes for Windows 7 and 8 will be deployed on the January Patch Tuesday on January 9. Microsoft issued a security bulletin and advisory ahead of their monthly patch cycle to address these vulnerabilities in Windows 10. Thankfully, Intel and Google reported they have not yet seen attacks actively exploiting these vulnerabilities so far. Google’s Project Zero has proof-of-concept (PoCs) exploits that work against certain software. It’s also worth noting that the patches that have been released for Windows and Linux OSs can reportedly reduce system performance by five to 30 percent, depending on the workload. Cloud-computing, virtual environments, multiuser servers-also used in data centers and enterprise environments-running these processors are also impacted. The potential impact is far-reaching: Desktops, laptops, and smartphones running on vulnerable processors can be exposed to unauthorized access and information theft. Meltdown is related to the way privileges can be escalated, while Spectre entails access to sensitive data that may be stored on the application’s memory space. Intel processors built since 1995 are reportedly affected by Meltdown, while Spectre affects devices running on Intel, AMD, and ARM processors. However, this technique permits access to normally isolated data, possibly allowing an attacker to send an exploit that can access the data. It’s an industry technique used to optimize processor performance. Modern processors are designed to perform “ speculative execution.” This means it can “speculate” the functions that are expected to run, and by queuing these speculations in advance, they can process data more efficiently and execute applications/software faster. Spectre reportedly affects processors from Intel, Advanced Micro Devices (AMD), and Advanced RISC Machine (ARM). Spectre, designated as CVE-2017-5753 and CVE-2017-5715, can allow attackers to steal information leaked in the kernel/cached files or data stored in the memory of running programs, such as credentials (passwords, login keys, etc.). Meltdown, designated as CVE-2017-5754, can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS). Here’s what you need to know about these flaws: What are Meltdown and Spectre? Microsoft, Linux, Google, and Apple started rolling out patches addressing design flaws in processor chips that security researchers named Meltdown and Spectre.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |