Symantec has released the following detection for attempts to exploit the Multiple CPU Hardwares Information Disclosure Vulnerability (CVE-2017-5753/Spectre):

 

A series of newly discovered vulnerabilities affecting processor chips could permit attackers to gain unauthorized access to a computer’s memory. Dubbed Meltdown and Spectre, the vulnerabilities affect nearly all modern processors and can only be mitigated through operating system patches.

 

Of the two, Meltdown poses the greatest threat because it is easier to exploit and affects all kinds of computers, including personal computers and virtual machines in the cloud. Symantec is not aware of either vulnerability being exploited in the wild.

 

The vulnerabilities are significant, since a successful exploit could allow attackers to gain unauthorized access to sensitive data, including passwords. However, exploit of any vulnerable computer would require an attacker to gain access to the targeted computer via a prior step, such as running a malicious application on it; through JavaScript which triggers an exploit in order to run as native code; or running JavaScript to map the kernel. All of these malicious activities can be blocked by Symantec products. Nevertheless, users are advised to apply operating system patches as soon as they are made available.

 

Both Meltdown and Spectre exploit flaws in processors in order to bypass memory isolation in the operating system. Operating systems are designed in a way to block one application from accessing memory being used by another. If memory isolation fails to work, a malicious application could steal information from memory being used by other applications.

 

What is Meltdown?
Meltdown (CVE-2017-5754) exploits a flaw in out-of-order execution, a performance feature found in many modern processor chips. The researchers who discovered it have confirmed that it affects every Intel processor since 1995 (with the exception of pre-2013 Intel Itanium and Intel Atom processors). However, they added that it remains unclear whether ARM and AMD processors are also affected by the vulnerability.

 

If successfully exploited, an attacker can obtain a copy of the entire kernel address space, including any mapped physical memory, in other words, any data stored in memory at the time of the attack.

 

Meltdown can be exploited regardless of the operating system a computer is running. It affects both individual computers and any computers hosting cloud services, meaning an attack on a single server could lead to the compromise of multiple virtual machines running on that server.

 

Exploitation against cloud services is potentially the most worrying scenario, since the Meltdown can be exploited on a virtual machine in order to access memory from the host machine. Attackers could potentially buy space on a vulnerable cloud service and use it to stage an attack against other customers using the same host.

 

What is Spectre?
Spectre (CVE-2017-5753 and CVE-2017-5715) has a similar outcome but works in a slightly different way, and exploits a flaw in processor design to trick an application into leaking information stored in memory.

 

According to the team who discovered Spectre, virtually all modern processors are affected by the vulnerability, including Intel, AMD, and ARM chips. Once again, the vulnerability is operating system agnostic.

 

Mitigation
Users are advised to apply operating system patches immediately. Patches have already been released for Microsoft Windows, Apple macOS, and Linux to patch Meltdown. Spectre is reportedly more difficult to patch but also more difficult to exploit. Work is underway to harden software against any potential exploits.

 

Operating system vendors have already warned that patching is likely to have a performance impact on affected computers. According to Microsoft, the impact may not be noticeable on most consumer devices, however the specific impact “varies by hardware generation and implementation by the chip manufacturer.” The developers of the Linux patch said average performance could decline by 5 percent, but instances of a 30 percent decline were observed.


RECOMMENDED ARTICLE FOR TECHWORLD


 
The New Smart Watch from PLDT HOME is a Must-have for Kids and Here’s Why
Techworld Date Posted: 18 July 2016 2:19 PM | 596 Views
Are you looking for a useful yet super cool gift for your kid? How about a watch? No, how about a Smart Watch? The Smart Watch from PLDT HOME is the latest, and coolest, gadget for kids,.... See More
 
The New Smart Watch from PLDT HOME is a Must-have for Kids and Here’s Why
Techworld Date Posted: 2:19 PM | 596 Views
Are you looking for a useful yet super cool gift for your kid? How about a watch? No, how about a Smart Watch? The Smart Watch from PLDT HOME is the latest, and coolest, gadget for kids,...See More

 
Transcend Announces New MSA450T mSATA 3D TLC SSD for Embedded Applications
Techworld Date Posted: 28 April 2018 4:47 PM | 272 Views
Transcend Information, Inc. (Transcend), a leading manufacturer of storage and multimedia products, is proud to announce the release of the MSA450T industrial solid-state drive equipped with 3D TLC NAND flash memory. The MSA450T comes.... See More
 
Transcend Announces New MSA450T mSATA 3D TLC SSD for Embedded Applications
Techworld Date Posted: 4:47 PM | 272 Views
Transcend Information, Inc. (Transcend), a leading manufacturer of storage and multimedia products, is proud to announce the release of the MSA450T industrial solid-state drive equipped with 3D TLC NAND flash memory. The MSA450T comes...See More

 
International Women’s Day Kaspersky Lab Aims to Close the Gender Gap in Cybersecurity
Techworld Date Posted: 8 March 2018 4:33 PM | 169 Views
In recent years, more and more women have climbed the corporate ladder to occupy important positions in the business world serving as role models for young girls.. See More
 
International Women’s Day Kaspersky Lab Aims to Close the Gender Gap in Cybersecurity
Techworld Date Posted: 4:33 PM | 169 Views
In recent years, more and more women have climbed the corporate ladder to occupy important positions in the business world serving as role models for young girls.See More

 
Lenovo Introduces New Laptops for the ‘Modern Avid Gamer’
Techworld Date Posted: 17 August 2018 5:23 PM | 509 Views
Lenovo, a global leader in PCs and smart devices development, is launching two new laptops designed to meet the demands of the ‘modern avid gamers’. . See More
 
Lenovo Introduces New Laptops for the ‘Modern Avid Gamer’
Techworld Date Posted: 5:23 PM | 509 Views
Lenovo, a global leader in PCs and smart devices development, is launching two new laptops designed to meet the demands of the ‘modern avid gamers’. See More

 
Realme to Officially Enter the Philippines on November 29th
Techworld Date Posted: 21 November 2018 1:31 PM | 128 Views
Realme, a fast-emerging smartphone brand in South East Asia announces its official arrival in the Philippines on November 29th, 2018. Established in May 2018, Realme aims to provide young people around the world with.... See More
 
Realme to Officially Enter the Philippines on November 29th
Techworld Date Posted: 1:31 PM | 128 Views
Realme, a fast-emerging smartphone brand in South East Asia announces its official arrival in the Philippines on November 29th, 2018. Established in May 2018, Realme aims to provide young people around the world with...See More

 
OPPO F7 Breaks New Ground in Capturing True Beauty
Techworld Date Posted: 21 April 2018 1:52 PM | 563 Views
Now available for Philippine smartphone users, the all-new, highly anticipated OPPO F7 brings forth a new standard to smartphone photography with a new 25MP front-facing camera, powered by a best-in-class A.I. Beauty Technology 2.0.... See More
 
OPPO F7 Breaks New Ground in Capturing True Beauty
Techworld Date Posted: 1:52 PM | 563 Views
Now available for Philippine smartphone users, the all-new, highly anticipated OPPO F7 brings forth a new standard to smartphone photography with a new 25MP front-facing camera, powered by a best-in-class A.I. Beauty Technology 2.0...See More

 
SAP Philippines Officially Recognized as 2019 Top Employer
Techworld Date Posted: 7 January 2019 2:47 PM | 93 Views
SAP Philippines (NYSE: SAP) has been recognized as the 2019 Top Employer, for empowering best people practices and having exceptional employee working conditions.. See More
 
SAP Philippines Officially Recognized as 2019 Top Employer
Techworld Date Posted: 2:47 PM | 93 Views
SAP Philippines (NYSE: SAP) has been recognized as the 2019 Top Employer, for empowering best people practices and having exceptional employee working conditions.See More

 
New IoT-Malware Grew Three-Fold in H1 2018
Techworld Date Posted: 19 September 2018 3:04 PM | 146 Views
According to the Kaspersky Lab IoT report, in the first half of 2018, IoT devices were attacked with more than 120,000 modifications of malware. That’s more than triple the amount of IoT malware seen.... See More
 
New IoT-Malware Grew Three-Fold in H1 2018
Techworld Date Posted: 3:04 PM | 146 Views
According to the Kaspersky Lab IoT report, in the first half of 2018, IoT devices were attacked with more than 120,000 modifications of malware. That’s more than triple the amount of IoT malware seen...See More

 
From Shaking Their Hands to Paying off Their Debts: Third party Cybersecurity Failures Cost Businesses the Most
Techworld Date Posted: 25 September 2017 11:26 AM | 226 Views
While more companies are investing in cybersecurity regardless of ROI (63% in 2017 compared to 56% in 2016), a new study from Kaspersky Lab and B2B International has found that the average cost of.... See More
 
From Shaking Their Hands to Paying off Their Debts: Third party Cybersecurity Failures Cost Businesses the Most
Techworld Date Posted: 11:26 AM | 226 Views
While more companies are investing in cybersecurity regardless of ROI (63% in 2017 compared to 56% in 2016), a new study from Kaspersky Lab and B2B International has found that the average cost of...See More

 
Botnet Activity in H1 2018: Multifunctional Bots Becoming More Widespread
Techworld Date Posted: 3 September 2018 5:14 PM | 171 Views
Kaspersky Lab researchers have published a report on botnet activity in the first half of 2018, analyzing more than 150 malware families and their modifications circulating through 600,000 botnets around the world. . See More
 
Botnet Activity in H1 2018: Multifunctional Bots Becoming More Widespread
Techworld Date Posted: 5:14 PM | 171 Views
Kaspersky Lab researchers have published a report on botnet activity in the first half of 2018, analyzing more than 150 malware families and their modifications circulating through 600,000 botnets around the world. See More


Power by

Download Free AZ | Free Wordpress Themes