![]() ![]() The result: A malicious program might be able to exploit Spectre to steal sensitive data that was generated by an unrelated application.īoth flaws are present in the CPU hardware, not in the operating systems or any other software. While Meltdown affects the communication between an application and the operating system, Spectre breaks the separation between applications. Meltdown affects only Intel products, but Spectre is a problem in processors made by Intel, AMD, and ARM (whose chips are typically found on mobile devices, including both iOS and Android smartphones), according to the researchers’ technical paper. “This is not good because we can’t know whether there was someone or some organization who used it for malicious purposes.” “The unsettling thing about this is that we know this vulnerability existed for 10, 15, 20 years,” Gruss said. Theoretically, hackers could exploit Meltdown to gather personal information stored by the OS. ![]() Computers are supposed to let applications use the operating system without having extensive access to it. ![]() The vulnerability effectively removes the barrier that prevents sensitive data generated by the operating system from being exposed to applications-which includes everything from your web browser to spreadsheet programs and word processors. In a published statement, Intel said it and other technology companies had "been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed." (Itanium chips were made for business computer systems, while Atom chips were built into many inexpensive netbook computers.) Meltdown, according to the researchers, affects every Intel central processing unit, or CPU, made since 1995 with the exception of the ones sold under the Itanium and Atom brand names and released before 2013. Speaking via Skype, Gruss, who helped author technical papers detailing the bugs, says he doesn’t know why the flaw managed to go unnoticed for such a long time.Īnd it’s been decades. “I first discussed the potential for Meltdown at Black Hat 2016,” says Daniel Gruss, an information security researcher at Graz University of Technology, referring to the annual cybersecurity conference. They were discovered independently at a number of organizations, including Google, German cybersecurity company Cyberus Technology, and Austria’s Graz University of Technology. There are two distinct flaws at hand, which researchers have named Meltdown and Spectre. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |