Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers - From The Guardian
An article, entitled, "Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers," by author, Samuel Gibbs, appeared in the January 4, 2018, edition of The Guardian. It delineates deadly "security flaws that could let attackers steal sensitive data, including passwords and banking information," which, according to the article, "have been found in processors designed by Intel, AMD and ARM."
These serious flaws, "named," the article continues, "Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system."
Gibbs quoted "Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw," as having stated, "Meltdown is “probably one of the worst CPU bugs ever found”. It is "currently thought to primarily affect Intel processors manufactured since 1995, excluding the company’s Itanium server chips and Atom processors before 2013. It could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory."
The article went on to describe the, "Spectre flaw," which, "affects most modern processors made by a variety of manufacturers, including Intel, AMD and those designed by ARM, and potentially allows hackers to trick otherwise error-free applications into giving up secret information. Spectre is harder for hackers to take advantage of but is also harder to fix and would be a bigger problem in the long term, according to Gruss."
Derive Technologies is an Intel Partner, and also a strategic alliance partner of HPE, HP, Inc., Microsoft, Apple and Amazon (re: Amazon Web Services (AWS)), among others. According to Gibbs, "'Intel has begun providing software and firmware updates to mitigate these exploits,’ said the company in statement." Additionally, "Apple and Microsoft had patches ready for users for desktop computers affected by Meltdown, while a patch is also available for Linux. Microsoft said it was in the process of patching its cloud services and had released security updates on 3 January for Windows customers."
“'All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,' said Apple," according to the article, "in a blog post." Also, Gibbs stated, "Amazon Web Services EC2 systems were already protected, but that 'customers must also patch their instance operating systems' to be fully protected."
Contact a Derive Security Specialist
Derive Technologies' IT Security team (part of our 360-degree Professional Services offering) is following all of the news about Meltdown and Spectre and working with our alliance partners to help our corporate and public sector (and government) clients to protect their systems and data. For more information about our complete portfolio of IT Security solutions, including risk assessment and planning, strategies and policies, and a comprehensive suite of security technology services, please call (212) 363-1111 [New York], (201) 299-9132 [New Jersey] or TOLL-FREE at (844) 363-1110, or complete the form on this page (please include "Derive IT Security Solutions" in the form's comments).