Meltdown And Spectre
Meltdown
Meltdown allows any attacker to override or bypass the fundamental memory protection.This will give you access to areas that you probably should not have. In this way, sensitive data such as logins and passwords can be read, which is relatively easy to exploit. For example, in proof of concept exploits that have already appeared, this is triggered via Javascript. Meltdown is especially problematic for virtual machines (VMs), because theoretically one can get access to others from one instance. Meltdown affects Intel and the other manufacturers. Intel has already commented on this, pointing out, on the one hand, that others are also affected, and, on the other, pointing out that the exploits “do not have the potential to damage, alter, or erase data.”
Also Read: Microsoft To Distribute Emergency Patch For CPU Vulnerabilities Soon
But there are also positive news. Because appropriate software patches are already being distributed for Meltdown. Microsoft has published an emergency patch for this. However, you should not try to force the update with the number KB4056890 if you do not get it offered. Because the patch performs kernel changes and there are currently still incompatibilities with anti-virus programs, a manual installation can lead to system instabilities (via Dr. Windows ).
Also Read: Smartphone Sensors Can Be Used To Guess The User PIN
Spectre
As mentioned, Spectre also affects AMD and ARM, but here, too, there is a good bit of good news: Specter is more difficult to exploit than Meltdown. The bad news: Specter is harder to cram. There is currently no comprehensive patch, but at least the systems can be protected against specific exploits. Spectre can bypass memory protection between applications, including the sandboxing of operating systems or browsers. The memory is (in contrast to Meltdown), however, safe.
Also Read: Android’s January Patches Lead To Lags And Other Problems
The individual manufacturers have already released patches or will do so these days. Google has set up an overview page where you can see the state of affairs of each product. As mentioned, Microsoft has released a first patch, the next patch day in less than a week, there will probably be more in this regard. Apple users should already be protected as macOS 10.13.2 is already there, also with Linux countermeasures were carried out already