Spectre meltdown12/24/2023 It takes a good deal of effort to access and discover the actual content of memory and make it meaningful, as mentioned earlier. It is not an easy thing to do, as some have suggested.This is important, as it does not expose the machine to any modifications of its operations or “hijacking.” They do not allow takeover or modification of machines and operating systems, so it is not a traditional malware actor.Therefore, it’s not easy to do this via a “drive by attack” that does not launch a machine-specific application targeted at this vulnerability. They must be run locally on the machine and must be loaded through some form of application.But it may not be possible to even read the captured data in real time, as it requires understanding the relationship between data locations, which are highly variable and actual data content, and requires a good amount of processing/decoding. They do not read memory in mass storage devices such as disk drives. They have the potential to read protected memory locations used by the device and applications (including browsers) that store information in the kernel memory, including potentially sensitive data.While this may contain sensitive information such as passwords, it also may simply be variable instructions and data from application processes that are not of much value. They access protected areas of memory to potentially decode and read. Meltdown and Spectre are exploits, not chip design flaws, operating against computer architecture that’s been designed into chips for decades.With a potential to read kernel data, what’s the real threat level behind Meltdown and Spectre? Let’s look at what it is, what it’s not, and what you should do about it. It exploits an architectural technique known as “speculative execution” which is a key feature of things such as look-ahead instructions and data, which significantly improves computer performance. But it doesn’t affect lower-level or real-time operating systems (like QNX) that don’t use this particular feature, nor in lower-level controller chips used for the Internet of Things (IoT).īasically, the exploit involves reading memory locations that are supposed to be protected and reserved for use by the computer kernel. The problem affects nearly all operating systems, such as Windows, Linux, macOS and even Android, as well as virtualized environments such as VMware and Citrix. Nearly all modern chip architectures from the major suppliers (Intel, AMD, ARM) are affected, and this includes nearly all modern computer systems from data center to PC to smartphones. Meltdown and Spectre are not exactly the same, but they are related and use a similar exploit mechanism to gain access to computer data. īut what are the threats? There are potentially three different threats exposed in the disclosure, collectively described by Meltdown and Spectre. ![]() And all the major software vendors of Linux, Microsoft for Windows, Apple for macOS, and virtualization software suppliers such as VMware and Citrix have all collaborated to mitigate this threat. The major chip makers - AMD, ARM and Intel - have decided to work together to mitigate the potential effects of a common enemy that affects most modern computer chips - a good sign for future industry collaboration. +RELATED: Intel’s processor flaw is a virtualization nightmare Red Hat responds to the Intel processor flaw +įirst, to be clear, these exploits affect all the major computer chip architectures. Rather, I’ll focus on the higher-level issues affecting business and personal computer users. There is much technical information with high level of details available for both Meltdown and Spectre, so I won’t get into a lot of technical detail here. ![]() Some of it has been accurate, and some has been sensationalist and overblown. There is lots of information circulating about the new exploits of computer chips from Intel and others announced in the past few days.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |