Meltdown and Spectre – What you need to know

As you may have seen in the media, two major vulnerabilities have been discovered in processor chips which effects billions of devices all over the globe. The vulnerabilities impact Linux, Windows and Apple devices as well as cloud omputing systems – impacting organisations such as Amazon Web Services and Microsoft Azure

Researchers have named the vulnerabilities Meltdown and Spectre, and believe that nearly all processor chips going right back to 1995 are impacted. Here are some of the things we know about the vulnerability at this time, and what you need to be aware of:

What are the vulnerabilities?

Meltdown affects Intel processors and breaks the isolation between applications and the operating system of devices. This would allow an attacker’s programme to access the memory and all sensitive information of other programmes running on the system. It is called ‘Meltdown’ because the vulnerability essentially melts the security boundaries which are usually present in the processors.

Spectre affects Intel, AMD and ARM processors, and breaks down the barriers between different applications, potentially allowing a rogue application to trick other applications into giving it access sensitive information. Spectre is harder to exploit than Meltdown, but is also harder to defend against, so may haunt us for some time – hence the name, Spectre.

How were the vulnerabilities discovered and leaked?

The vulnerabilities were discovered by some excellent work from experts at places such as Google Project Zero and Graz University of Technology.

On Tuesday, The Register broke the news of the vulnerability, however details were being embargoed until all vendors could release fixes – this is normal behaviour between security analysts and vendors. However, the details were leaked before all vendors could release patches for their systems. Intel had indicated they were planning to release the information next week.

What is the potential impact?

If exploited by hackers, there is a potential that the vulnerability could allow rogue applications to access areas of memory that it shouldn’t be allowed to. This could potentially result in the compromise of sensitive data such as secret keys and passwords.

What can my organisation do to protect itself?

Most vendors have released, or are about to release patches to mitigate against exploits of these vulnerabilities, so it is highly advised you to update both your operating systems and underlying firmware to the latest version as soon as it comes available, and also ensure you are only using systems still supported by the vendor. This is generally best practice for robust cyber security, anyway.

Your organisation should also be prioritising a cyber security strategy – as this is just one of many news stories to hit in recent years regarding the risks to IT systems. As well as updating your systems regularly, you should also look at having advanced malware protection, secure configuration, secure access controls and boundary firewall devices in place.