Virtually all of our personal devices and large cloud infrastructures are affected by two huge security problems.
The current data comes especially from a group of security researchers made up of experts from Google's so-called Project Zero, the Graz University of Technology, the University of Pennsylvania, the University of Adelaide in Australia, and computer security companies. Cyberus and Rambus.
According to experts, there are actually not one but two flaws: Meltdown and Specter, which come in three variants: CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. The first two are from Specter, and the last is for Meltdown.
It was first revealed that the microprocessor giant Intel is facing one of its worst crises in 50 years.A serious error in the design of its processors could cause serious security problems for manufacturers and developers as well as for users, as published by The Register.
Sorry to introduce you to Meltdown and Specter
Meltdown and Specter are the names that have been given to two vulnerabilities that allow an attacker to access any type of information stored in the system memory. Although they have been released at the same time, they are different. Of course, each one more dangerous than the last.
Meltdown and Specter already have their own logos, designed by Natascha Eibl . Source: Meltdownattack .
Meltdown
It affects only Intel, and is an attack that allows a program to access memory used by other applications and the operating system. In theory they should be watertight compartments, but this method allows you to read that memory and what is stored there, no matter how safe it was in theory. It is a free pass to the data of the operating system and its applications.
Itanium and Intel Atom processors do not have this feature and therefore would not be affected by this vulnerability, but the rest are. Which means that there would be millions of computers affected. Furthermore, the flaw would also impact cloud services.
Now new data has been known that indicates that this first 'Meltdown' security problem that can be solved with patches.
Specter
It is a type of attack that also affects Intel, and some AMD and ARM chips (those used in cell phones). According to the researchers, it is more difficult to implement, but also more complex to stop; and breaks that isolation that applications theoretically have, and could allow malicious software to receive all the information that another application manages. Some experts consider that an attack that manages to take advantage of this is impossible to avoid without a hardware change.
Anyway, AMD clarified that, due to the architecture of its processors, the chances of vulnerabilities being exploited are almost nil. And ARM published a document with the details of the vulnerabilities and how they could be executed.
How does this affect smartphones?
Android
Although Meltdown would affect, in principle, only Intel processors, Specter would affect, among others, ARM, which is the most used architecture in devices with Android operating system.
Google explained in its official Project Zero blog , the problem affects both Android and Chrome OS devices, although according to these experts exploiting the vulnerability "is difficult and limited on most Android devices . "
CERT (Computer Emergency Response Team) is an information technology security incident response center created in 1988 in response to the Morris worm incident. While Microsoft, Amazon and Google claim that their computers are protected, CERT assures that the best solution is to change the affected CPU.
"To completely eliminate the vulnerability, it will be necessary to replace the affected CPU."
Finally and in conclusion , the failure is serious, and the most important thing is to be attentive to the latest updates to your system. Install the security patches that are released and take extra precautions in the meantime.
