Security - Meltdown and Spectre

/

2 new security vulnerabilities affecting every modern Intel processors has been discovered. These hardware bugs allow data, such has passwords and sensitive information, to be leaked to the attacker. 

The vulnerability allows the attacker to read the contents of the systems memory while the applications are running. this includes web browsers, email and business applications.

Cloud service providers have been frantically patching their systems to prevent data being stolen between its customers.

meltdown-text.png

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.

If you are wondering if you are affected by these exploits, the answer is probably yes.

What can you do to Mitigate this?

Patches and workarounds are available for these exploits, please contact ATS to discuss what is required to patch your infrastructure.