What you should know about Spectre and Meltdown
Two large exploits, “Spectre” and “Meltdown”, have been released that allow reading privileged memory with side-channel attacks on Intel and ARM processors. This issue is known to affect nearly all processors in personal computers, Macs, servers and mobile devices (both Android and iOS). AMD processors are affected (only to “Spectre”), but to a much lesser degree. The result of a successful attack can include an attacker obtaining sensitive data and creation of back doors into systems for open access.
The more serious of the exploits, “Meltdown”, is primarily affecting Intel processors (though some ARM cores are vulnerable) and effectively breaks the isolation between user applications and the operating system.
Variants of this issue are known to affect many modern processors and dating back at least ten years (some speculation includes any intel processor developed since 1995).
So far, there are three known variants of the issue:
- Variant 1: bounds check bypass (CVE-2017-5753) (Spectre)
- Variant 2: branch target injection (CVE-2017-5715) (Spectre)
- Variant 3: rogue data cache load (CVE-2017-5754) (Meltdown)
Microsoft pushed out an update protecting against the Meltdown Exploit on January 3rd. Additional Microsoft updates are slated for January 9th. Apple pushed out updates protecting against Meltdown in macOS High Sierra, iOS, and tvOS on December 6th (while other updates are TBD). Kernel patches are also now available for Linux variants.
Many browsers are also issuing updates to protect against the issue to include Chrome, which has an experimental opt-in protection against “Spectre” attacks called “Site Isolation” (though it should be noted this option may create some functionality and performance issues). Firefox 57 (released in November) includes some initial safeguards. Edge and Internet Explorer received updates along with Windows 10.
There is the potential for a performance impact with processors after the updates. Current research suggest certain processor and application combinations may suffer 5-30% degradation to performance. However, there is no solid means to determine what may be affected given the variety of various applications. Most notably, virtualized and data center/cloud workloads are likely to be affected the most.
Please ensure you are updating all software, applications, and firmware regularly to ensure your systems are patched and protected.
Since this is a vulnerability that has been in existence for many years, systems may have been breached without the organization’s knowledge. Sword & Shield offers many services to discover and mitigate these threats.
Contact us for a free consultation to learn more.
Corey McReynolds is an Enterprise Security Consultant with Sword & Shield Enterprise Security.
Corey holds a Bachelor of Arts in communication as well as degrees in Information Technology, Programming, and Network Security & Forensics. He also earned all six of the Committee on National Security Systems (CNSS) Certifications meeting requirements for both the National Security Agency (NSA) and U.S. Department of Homeland Security (DHS).
Corey’s background includes serving in the United States Army as an Military Intelligence asset earning numerous commendations, supporting security operations at a Department of Energy research and development facility, and as a Senior Systems Engineer/Solutions Architect position for a data storage company.
Corey now enjoys helping Sword & Shield clients to solve problems with creative and secure solutions.