We always see that we often get security patch update for our devices. No matter what are we working on whether it is¬†Windows, Linux, and macOS including phones laptop and phones have all received¬†security patches¬†that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. But still, we often hear now that¬†Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it.
After a lot of research now we know what the problem was. And it’s not great news because there are in fact¬†two related families of flaws¬†with similar impact, and only one of them has an easy fix.
The Two major flaws or say problems are¬†Meltdown and Spectre. These two flaws were discovered by¬†researchers from the Technical University of Graz in Austria, German security firm Cerberus Security, and¬†Google’s Project Zero.
If you don’t know how instructions work, then let us tell you that¬†All modern processors perform a speculative execution to a greater or lesser extent; they’ll assume that, for example, a given condition will be true and execute instructions accordingly. If it later turns out that the condition was false, the speculatively executed instructions are discarded as if they had no effect.
When some instruction gets discarded and if data didn’t get alter the outcome of a program. They do make changes to the lowest level architectural features of the processors. This interrupted data can load data into the cache and never removed after interruptions.¬†The presence of the data in the cache can then be detected because accessing it will be a little bit quicker than if it weren’t cached. Which can be hampered easily.
What are Meltdown and Spectre :
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
As per the information, Almost every Intel processor released since 1995 are potentially affected by Meltdown. Talking about ARM and AMD processors it is still unclear that they are vulnerable or not.¬†As for Spectre, which is harder to exploit than Meltdown but also harder to mitigate (there is still no fix for it), it affects all modern Intel, AMD, and ARM processors.
Yesterday, Microsoft released its security patch which will just fix Meltdown. And it also includes some specific fixes for¬†¬†Microsoft Edge and Internet Explorer 11. We recommend You to update the security patch. To avoid any kind of meltdown attacks.
let’s see what other companies do to avoid these attacks. Till then stay tuned to GizCentral for more news related to TECH.