Billions of Devices at Risk of Attacks Because of Two Critical Hardware Bugs

Dubbed Meltdown and Spectre, the two hardware bugs found in Intel processors affect almost every computing device that was made in the past two decades, no matter if it’s a mobile phone or a personal computer. They allow malicious programs to steal sensitive data processed on the affected machine, and if you stop and think about the possibilities in terms of devices affected, it’s headache inducing.

“While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents,” reads the dedicated website.

Machines running in the cloud appear to be the most affected by the two vulnerabilities (CVE-2017-5753 and CVE-2017-5715for Spectre, and CVE-2017-5754 Meltdown) as it’s possible to steal data from other customers as well, but any computer with a modern process is at risk of attacks if the operating system they’re running isn’t updated to the latest available software release that includes patches for these bugs.

Every processor made since 1995, with the exception of Intel Itanium and Intel Atom CPUs released before 2013, are affected by these vulnerabilities, no matter if you’re using Windows, Linux, macOS, Android, Chrome OS, or FreeBSD. The Meltdown and Spectre bugs were reported by security researchers working for Google’s Project Zero, Cyberus Technology, and Graz University of Technology.

They confirmed that the Spectre bug is the most dangerous of the two and it’s not easy to fix. The security researchers even go as far to say that it will haunt us for quite some time. While they affect mostly Intel CPUs, but some AMD processors and ARM’s Cortex-A chips are also prone to this new class of attack. However, AMD denied any of its processors are vulnerable.

Google’s Project Zero team even disclosed the effects of the critical security flaws caused by the “speculative execution” technique used by most modern processors to optimize performance, despite the January 9 embargo, and urged users to update their Android and Chromebook devices to the latest software versions Google released recently. Android users must ensure they have the January 2018’s security patch installed.

Microsoft appears to have released an emergency patch today that fixes the two security vulnerabilities, and Apple already patched at least one of the bugs in the macOS 10.13.2 software update, planning more fixes in the upcoming macOS 10.13.3 High Sierra release coming by the end of the month. Linux users are safe as long as they run the latest Linux kernel version available for their operating systems.

Read the full story over at Softpedia News.

This story was summarized by Canadian Fraud News Inc.

 

 

Devin Jones is the head writer and social media producer at Canadian Fraud News. Devin was raised in Toronto and is a graduate of the Ryerson University journalism program. As a former Digital Media editor at the Ryerson Review of Journalism, you can find Devin camera and coffee in hand, at his home photo studio.

Leave a Comment