Google's Project Zero security researchers, working in parallel with several independent academic and industry teams, discovered two new processor flaws, named 'Meltdown' and 'Spectre', and broke the bad news on 3rd January 2018. Both abuse speculative execution and a cache-timing side channel to read memory that should be off limits: Meltdown lets an unprivileged process read kernel memory, and Spectre lets one process (or browser tab, or sandboxed script) read memory belonging to another. This means the potential disclosure of passwords, encryption keys and confidential data, including across tenants in virtual environments, i.e. where multiple virtual machines are hosted on a single hardware platform.
Meltdown
Meltdown affects effectively every Intel processor that implements out-of-order execution, i.e. all Intel processors manufactured since 1995 (the exceptions being Itanium and pre-2013 Atom), and is the easier of the two flaws to exploit. The exploitation method is known as "rogue data cache load" and can be mitigated by applying the latest operating system patches from Microsoft (KB4056892 for Windows 10 version 1709), Apple, and the various Linux distributions; on Linux the fix is kernel page-table isolation (KPTI), which unmaps almost all of the kernel from user-mode page tables so there is nothing for the rogue load to read. The bad news is that, according to researchers, the patches are expected to slow systems down by between 5% and 30% depending on workload, because every system call and interrupt now has to switch page tables; it is essentially a software patch for a hardware defect.
- Meltdown (rogue data cache load - CVE-2017-5754)
- Update your anti-virus software (the application itself, not just the definitions) before applying the Microsoft patches. Microsoft warned that because the patch changes the design of Windows' internal memory management it can cause issues (including blue screens) with installed anti-virus software, so the update will not install unless the anti-virus vendor has set the registry key that declares the product compatible with the patch.
- Apple has confirmed all iPhones, iPads, and Mac computers are affected and released patches for Meltdown in December 2017 (iOS 11.2, macOS 10.13.2 and tvOS 11.2). Apple has stated there is 'no measurable reduction in the performance of macOS and iOS'.
- Microsoft Surface patches and guidance
- Google have stated patches cause ‘negligible impact on performance’
- See CVE-2017-5754 and meltdownattack.com for further details on Meltdown.
Meltdown Exploit Demo
Spectre
The Spectre vulnerability is present on Intel, AMD and ARM processors and involves two further, more conceptual methods of attack, called 'bounds check bypass' (variant 1) and 'branch target injection' (variant 2), both of which appear to be harder to execute than Meltdown. Spectre will be much harder for vendors to fix, because it abuses branch prediction itself rather than a single missing privilege check, so expect to wait for the patch releases for it.
- Spectre variant 1 (bounds check bypass - CVE-2017-5753)
- Spectre variant 2 (branch target injection - CVE-2017-5715)
- Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.
- Google has released patches for Android phones in December 2017
- See CVE-2017-5715, CVE-2017-5753 and meltdownattack.com for further details
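The 'bounds check bypass' named above is easiest to understand from the code pattern it attacks. The following is an added example, not code from the original post or from the researchers' papers: the classic variant 1 gadget next to a hardened version that clamps the index without a branch, in the style of the Linux kernel's array_index_nospec(). The arrays, the "secret" string and the function names are constructed for the example.

```c
/*
 * Added example (not from the original post): Spectre variant 1 gadget
 * and a branchless index-masking fix. All data here is constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY1_SIZE 16
#define CACHE_LINE  64

/* Victim data: array1 is what the index is checked against; array2 is the
 * probe array whose cache lines leak the value of the speculatively read byte. */
static uint8_t array1[ARRAY1_SIZE] =
    { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
static uint8_t array2[256 * CACHE_LINE];
/* Constructed secret the attacker must never be able to read. */
static const char secret[] = "constructed secret string";

/* array2[i] = i / CACHE_LINE, so both victims return array1[x] architecturally
 * for an in-bounds x and can be checked deterministically. Returns bytes set. */
size_t init_arrays(void) {
    for (size_t i = 0; i < sizeof array2; i++)
        array2[i] = (uint8_t)(i / CACHE_LINE);
    return sizeof array2;
}

/* VULNERABLE: the bounds check is correct architecturally, but while the
 * compare is still resolving the CPU may predict the branch as taken and run
 * both loads with an out-of-bounds x. array1[x] then reads an arbitrary byte
 * (e.g. of `secret`) and the second load pulls array2[byte * CACHE_LINE] into
 * the cache. The mis-speculation is squashed and 0 is returned, but the cache
 * state survives and is read back with a Flush+Reload timing probe. */
uint8_t victim_vulnerable(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * CACHE_LINE];
    return 0;
}

/* Branchless mask: all ones if index < size, zero otherwise, computed with
 * pure unsigned arithmetic so there is no branch for the predictor to guess.
 * Requires size <= SIZE_MAX / 2, true for any real array. */
size_t index_mask_nospec(size_t index, size_t size) {
#if defined(__GNUC__)
    /* Keep the compiler from folding the mask away using the surrounding
     * `if (x < size)`: it reasons about architectural values only. */
    __asm__ volatile("" : "+r"(index));
#endif
    size_t top = (index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - (top ^ 1);
}

/* HARDENED: after the check the index is ANDed with the mask, so a
 * mis-speculated out-of-bounds x becomes 0 and both loads stay inside
 * array1. The other common fix is a speculation barrier (lfence) after the
 * branch, which costs more but needs no knowledge of the array size. */
uint8_t victim_hardened(size_t x) {
    if (x < ARRAY1_SIZE) {
        x &= index_mask_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * CACHE_LINE];
    }
    return 0;
}

/* Index that would make array1[x] land on the first byte of `secret`; a real
 * attacker would obtain it from an address leak. Computed via uintptr_t so
 * the subtraction of unrelated objects is well defined. */
size_t malicious_index(void) {
    return (size_t)((uintptr_t)secret - (uintptr_t)array1);
}

int main(void) {
    init_arrays();
    size_t evil = malicious_index();
    printf("in-bounds x=3: vulnerable=%u hardened=%u\n",
           victim_vulnerable(3), victim_hardened(3));
    printf("out-of-bounds x=%zu: vulnerable=%u hardened=%u\n",
           evil, victim_vulnerable(evil), victim_hardened(evil));
    puts("Architectural results are identical; the difference is only what "
         "the CPU loads while mis-speculating past the bounds check.");
    return 0;
}
```

The point the example makes is that nothing in the vulnerable function is wrong by the rules of the language, which is why compilers, static analysers and tests all pass it; the fix has to remove the speculative window, either by masking the index or by fencing the branch.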
For further full technical details see:
- Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, and Nvidia
- Meltdown, Spectre Can Be Exploited Through Your Browser
- Latest Patching Details
It is not currently known whether hackers or malware have exploited either Meltdown or Spectre. Detecting these types of processor exploit is far from easy: the attack consists of ordinary unprivileged instructions whose only lasting side effect is which cache lines happen to be resident, and cache and branch-predictor activity is not recorded in centralised security audit logs or checked by audit systems. Meltdown and Spectre exploitation is therefore extremely hard to detect, and the practical measure of exposure is whether or not the mitigation is in place on each system.
Recommended Response
The recommended course of action is to apply the Meltdown and Spectre operating system and vendor security patches quickly as they are made available, but be mindful of the impact these patches will have on systems: namely the processor performance penalty, and potential issues with anti-virus software and applications that could impact critical services, especially on servers, within virtual and cloud environments, and on low-powered devices such as IoT devices. Comprehensive patch testing and a rollback plan are therefore essential in business environments before Meltdown and Spectre patches are applied, and will help to identify and address any significant performance issues caused by the patches. Once a patch is applied, verify that the mitigation is actually active rather than assuming the install succeeded.
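One way to verify that a Linux host is actually mitigated after patching, as an added example that is not part of the original post: kernels from 4.15 (and distribution kernels with the fix backported) publish one status file per issue under /sys/devices/system/cpu/vulnerabilities/, with the kernel's wording "Not affected", "Vulnerable" or "Mitigation: ...". The directory is a parameter so the same code can be pointed at a constructed copy; the function and enum names are the example's own.

```c
/*
 * Added example (not from the original post): summarise the per-issue
 * mitigation status that Linux 4.15+ exposes in sysfs. A missing file is
 * reported as UNKNOWN (older kernel without the interface), never as safe.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum mitigation_status { STATUS_UNKNOWN = 0, STATUS_NOT_AFFECTED,
                         STATUS_MITIGATED, STATUS_VULNERABLE };

#define SYSFS_VULN_DIR "/sys/devices/system/cpu/vulnerabilities"
static const char *const vuln_files[] = { "meltdown", "spectre_v1", "spectre_v2" };
#define NUM_VULN_FILES (sizeof vuln_files / sizeof vuln_files[0])

static const char *status_name(enum mitigation_status s) {
    static const char *const names[] =
        { "UNKNOWN", "NOT AFFECTED", "MITIGATED", "VULNERABLE" };
    return names[s];
}

/* Classify one status line by the kernel's leading keyword. Anything not
 * recognised, including an empty string, is UNKNOWN. */
enum mitigation_status classify_status(const char *line) {
    if (strncmp(line, "Not affected", 12) == 0) return STATUS_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return STATUS_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return STATUS_VULNERABLE;
    return STATUS_UNKNOWN;
}

/* Read <dir>/<name> into buf (first line, newline stripped) and classify it.
 * On failure buf carries the reason and the result is UNKNOWN. */
enum mitigation_status read_status(const char *dir, const char *name,
                                   char *buf, size_t buflen) {
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    FILE *f = fopen(path, "r");
    if (!f) {
        snprintf(buf, buflen, "(cannot open: %s)", strerror(errno));
        return STATUS_UNKNOWN;
    }
    if (!fgets(buf, (int)buflen, f))
        buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return classify_status(buf);
}

/* Print one line per issue and return how many are still VULNERABLE or
 * UNKNOWN; zero means every check came back mitigated or not affected. */
int count_unmitigated(const char *dir) {
    int bad = 0;
    for (size_t i = 0; i < NUM_VULN_FILES; i++) {
        char buf[256];
        enum mitigation_status s = read_status(dir, vuln_files[i], buf, sizeof buf);
        printf("%-10s %-13s %s\n", vuln_files[i], status_name(s), buf);
        if (s == STATUS_VULNERABLE || s == STATUS_UNKNOWN)
            bad++;
    }
    return bad;
}

int main(void) {
    int bad = count_unmitigated(SYSFS_VULN_DIR);
    printf("%d of %zu checks vulnerable or unknown\n", bad, NUM_VULN_FILES);
    return bad ? 1 : 0;   /* non-zero exit for easy use from fleet tooling */
}
```

Two caveats when reading the output: the spectre_v2 line reflects what the kernel could do with the microcode and compiler it has (early retpoline kernels reported "Vulnerable: Minimal generic ASM retpoline" when built without retpoline compiler support), so an updated kernel alone is not proof of mitigation; and on Windows the equivalent check is Microsoft's SpeculationControl PowerShell module, whose Get-SpeculationControlSettings cmdlet reports the same three items.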
Within high-security environments, consider a strategy to replace all (processor) hardware once fixed processors are released by the chip manufacturers. Although a labour-intensive and costly approach, it would provide a much higher degree of assurance than software mitigations, and hardware replacement may even be cost-effective in the medium to long term if the performance impact of the patches turns out to be particularly severe.