Symantec has released the following detection for attempts to exploit the Multiple CPU Hardwares Information Disclosure Vulnerability (CVE-2017-5753/Spectre):

 

A series of newly discovered vulnerabilities affecting processor chips could permit attackers to gain unauthorized access to a computer’s memory. Dubbed Meltdown and Spectre, the vulnerabilities affect nearly all modern processors and can only be mitigated through operating system patches.

 

Of the two, Meltdown poses the greatest threat because it is easier to exploit and affects all kinds of computers, including personal computers and virtual machines in the cloud. Symantec is not aware of either vulnerability being exploited in the wild.

 

The vulnerabilities are significant, since a successful exploit could allow attackers to gain unauthorized access to sensitive data, including passwords. However, exploiting any vulnerable computer would require an attacker to first gain access to the targeted computer via a prior step, such as running a malicious application on it, using JavaScript that triggers an exploit in order to run as native code, or running JavaScript to map the kernel. All of these malicious activities can be blocked by Symantec products. Nevertheless, users are advised to apply operating system patches as soon as they are made available.

Both Meltdown and Spectre exploit flaws in processors in order to bypass memory isolation in the operating system. Operating systems are designed to block one application from accessing memory being used by another. If memory isolation fails to work, a malicious application could steal information from memory being used by other applications.

What is Meltdown?
Meltdown (CVE-2017-5754) exploits a flaw in out-of-order execution, a performance feature found in many modern processor chips. The researchers who discovered it have confirmed that it affects every Intel processor since 1995 (with the exception of pre-2013 Intel Itanium and Intel Atom processors). However, they added that it remains unclear whether ARM and AMD processors are also affected by the vulnerability.

 

If the flaw is successfully exploited, an attacker can obtain a copy of the entire kernel address space, including any mapped physical memory; in other words, any data stored in memory at the time of the attack.

Meltdown can be exploited regardless of the operating system a computer is running. It affects both individual computers and any computers hosting cloud services, meaning an attack on a single server could lead to the compromise of multiple virtual machines running on that server.

 

Exploitation against cloud services is potentially the most worrying scenario, since Meltdown can be exploited on a virtual machine in order to access memory from the host machine. Attackers could potentially buy space on a vulnerable cloud service and use it to stage an attack against other customers using the same host.

What is Spectre?
Spectre (CVE-2017-5753 and CVE-2017-5715) has a similar outcome but works in a slightly different way, and exploits a flaw in processor design to trick an application into leaking information stored in memory.

 

According to the team who discovered Spectre, virtually all modern processors are affected by the vulnerability, including Intel, AMD, and ARM chips. Once again, the vulnerability is operating system agnostic.

 

Mitigation
Users are advised to apply operating system patches immediately. Patches have already been released for Microsoft Windows, Apple macOS, and Linux to patch Meltdown. Spectre is reportedly more difficult to patch but also more difficult to exploit. Work is underway to harden software against any potential exploits.

 

Operating system vendors have already warned that patching is likely to have a performance impact on affected computers. According to Microsoft, the impact may not be noticeable on most consumer devices; however, the specific impact “varies by hardware generation and implementation by the chip manufacturer.” The developers of the Linux patch said average performance could decline by 5 percent, but instances of a 30 percent decline were observed.
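
To confirm that the operating system patches described above are actually in effect on a Linux host, the kernel's own status report can be read back. The script below is an added example, not part of the original advisory or any Symantec product; it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation state from Linux sysfs.
# Assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities.

# Map a sysfs file name to the CVE named in the article.
cve_for() {
    case "$1" in
        meltdown)   echo "CVE-2017-5754" ;;
        spectre_v1) echo "CVE-2017-5753" ;;
        spectre_v2) echo "CVE-2017-5715" ;;
    esac
}

# Reduce the kernel's free-text status line to one state word.
classify() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_dir [DIR]: print one line per issue and return 1 if any issue is
# vulnerable or cannot be confirmed. DIR defaults to the live sysfs path.
check_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            state=$(classify "$status")
        else
            # No entry: the kernel predates this reporting interface,
            # so the patch level cannot be confirmed this way.
            status="(no sysfs entry)"
            state="unknown"
        fi
        printf '%-10s %-14s %-13s %s\n' \
            "$name" "$(cve_for "$name")" "$state" "$status"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}
```

Calling `check_dir` with no argument inspects the running system; a non-zero return means at least one of the three issues is unmitigated or unreported, which makes the function usable as a compliance check across a fleet.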

