Security Vulnerability – Meltdown & Spectre

The most recent critical vulnerabilities, called Meltdown and Spectre, disclose information from the operating system and are caused by a fundamental design flaw in Intel’s processors.

Google Project Zero has disclosed this vulnerability (Vulnerability Note VU#584653).

Question: Are we affected by this vulnerability?

Answer: Most likely yes:

  • The chip vendors Intel, AMD and ARM are affected.
  • Windows, Linux (Android included) and macOS are affected.
  • Cloud service vendors such as AWS and AliCloud are affected.

To keep yourself safe from this vulnerability, stay up to date on newly released patches and apply them when available.

Patching this vulnerability is more difficult than usual: it occurs at the hardware level and affects multiple platforms, including various versions of mobile and IoT devices.

Some of the big vendors have already published information about their patching status:

  • VMware: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
  • AMD: https://www.amd.com/en/corporate/speculative-execution
  • Red Hat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
  • Nvidia: https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/
  • Xen: https://xenbits.xen.org/xsa/advisory-254.html
  • ARM: https://developer.arm.com/support/security-update
  • Amazon: https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
  • Mozilla: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

If you wish to learn more about this vulnerability, please refer to the following links:

https://meltdownattack.com/

https://social.technet.microsoft.com/wiki/contents/articles/51021.mitgations-for-speculative-execution-side-channel-vulnerabilities-meltdown-spectre.aspx

https://support.microsoft.com/en-gb/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software