Meltdown and Spectre: The Threats in Your Machine

By: Travis Rosiek, Chief Technology and Strategy Officer, BluVector

After responsibly disclosing the details to affected vendors, a collective of security researchers publicly announced details of two critical vulnerabilities they found in current CPUs from Intel, AMD and ARM.

Labeled Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), these vulnerabilities are distinct and have separate mitigations. In general terms, however, both allow a malicious program to read areas of memory it should not be able to access: system memory, or memory allocated to other running programs. A malicious program may thus be able to read in-memory data such as stored passwords, personal files and business documents.

The basic difference between the two is that Meltdown compromises the isolation between the operating system and the programs executed by users, whereas Spectre compromises the isolation between different running programs.

Because these vulnerabilities stem from bugs in the physical CPU rather than in any one operating system, they affect personal computers (including Macs and machines running Linux) as well as mobile devices. They are of potentially even greater concern for cloud providers: depending on how hardware virtualization is implemented, it could be possible to access data belonging to another customer running on the same physical hardware.

As of the time of writing, there is no evidence that these vulnerabilities are being exploited maliciously in the wild. In addition to the published research, proof-of-concept code is available for both vulnerabilities; experience with countless other vulnerabilities tells us it is only a matter of time until Meltdown and Spectre malware is released. Attacks could also potentially come from malicious JavaScript used in a fileless malware scenario.

Meltdown has been confirmed on Intel CPUs released since 1995; it is not currently confirmed to affect ARM and AMD processors. Spectre has been confirmed to affect Intel, ARM and AMD processors.

Patches have been released for Meltdown on Windows, macOS and Linux, though there are reports that further patches are expected before mitigation is complete. Spectre is more difficult to mitigate and will likely require patches to individual software applications rather than fixes at the operating system level alone.
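One way to verify whether those operating-system patches are in place on a Linux host: kernels from 4.15 onward (and distribution backports) publish their own per-issue mitigation state under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not BluVector's code or the researchers' proof of concept; it reads that report, and on a machine without the directory it runs against a constructed sample tree (labelled as such in the code).

```sh
#!/bin/sh
# Added example (not code from the post or the vendor): read the Linux kernel's
# own Meltdown/Spectre mitigation report. Kernels 4.15+ (and distro backports)
# expose one file per issue under /sys/devices/system/cpu/vulnerabilities/,
# each starting "Mitigation: ...", "Vulnerable" or "Not affected". The directory
# is a parameter so the same logic runs against a constructed sample tree.

# classify_file FILE -> prints missing | not_affected | vulnerable | mitigated | unknown
classify_file() {
  [ -r "$1" ] || { echo "missing"; return 0; }
  case "$(cat "$1")" in
    "Not affected"*) echo "not_affected" ;;
    "Vulnerable"*)   echo "vulnerable" ;;
    "Mitigation:"*)  echo "mitigated" ;;
    *)               echo "unknown" ;;
  esac
}

# unmitigated_count DIR -> per-issue status lines on stderr; on stdout the number
# of issues still open (reported vulnerable, or no report file at all: a kernel
# too old to report is treated as unpatched until proven otherwise).
unmitigated_count() {
  open=0
  for issue in meltdown spectre_v1 spectre_v2; do
    s=$(classify_file "$1/$issue")
    echo "$issue: $s" >&2
    case "$s" in vulnerable|missing) open=$((open + 1)) ;; esac
  done
  echo "$open"
}

# make_sample_tree DIR -> constructed sample of a partially patched host:
# Meltdown fixed by page-table isolation, Spectre v1 fixed, Spectre v2 still open.
make_sample_tree() {
  mkdir -p "$1"
  printf 'Mitigation: PTI\n' > "$1/meltdown"
  printf 'Mitigation: __user pointer sanitization\n' > "$1/spectre_v1"
  printf 'Vulnerable\n' > "$1/spectre_v2"
}

# Use the live report when this host has one, otherwise the constructed sample.
live=/sys/devices/system/cpu/vulnerabilities
if [ -d "$live" ]; then
  echo "open issues on this host: $(unmitigated_count "$live")"
else
  tmp=$(mktemp -d) && make_sample_tree "$tmp"
  echo "open issues in sample: $(unmitigated_count "$tmp")"   # prints 1
  rm -r "$tmp"
fi
```

A non-zero count (or any "missing" line) is the signal to follow up with the vendor's patch guidance for that host; the spectre_v2 file in particular is where the application-level and microcode mitigations mentioned above show up.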

Stay tuned for tomorrow’s blog post:

It’s not currently known how, if at all, these vulnerabilities have been targeted in the wild, but it’s only a matter of when and not if these vulnerabilities will be targeted by cyber adversaries. Stay tuned to our blog tomorrow as we discuss the various avenues of attack that could exist in your organization and what security teams can do to stay on guard for attacks against these vulnerabilities. We’ll also discuss best practices and how BluVector’s technology was designed to address both file-based and fileless threats that haven’t been seen before in the wild and where signatures don’t yet exist to detect these types of threats. Learn how the combination of BluVector’s machine learning and speculative code execution engines can significantly enhance malware detection at line speed.

With nearly 20 years of experience in the security industry, Travis Rosiek is a highly accomplished cyber defense professional having led several commercial and U.S. government programs. He is known for developing and executing strategic plans to build the technical capacity across product development, quality assurance, technical marketing, professional services and sales engineering. Prior to his role at BluVector, Rosiek held several leadership roles including CTO at Tychon and Federal CTO at FireEye as well as senior roles at CloudHASH Security, McAfee and Defense Information Systems Agency (DISA).
