Vulnerabilities in speculative execution, branch prediction, and application isolation that lead to sensitive information disclosure and affect almost all modern processors have recently been disclosed. Speculative execution and branch prediction are processes designed to increase the performance of processors by performing anticipatory calculations that may not be needed to complete a process. Application isolation prevents user applications from accessing the memory address space of another application. The Meltdown and Spectre attacks are based on the ways processors handle speculative tasks and out-of-order execution. These vulnerabilities, if successfully exploited, allow an attacker to view otherwise confidential information in a system’s memory.
At this time we are not aware of these vulnerabilities being exploited in the wild. However, proof-of-concept scripts have been made public. Our Threat Intelligence team will continue to monitor for updates as more information becomes available.
With speculative execution and branch prediction, a processor executes tasks early, before it is known whether or where the results are needed. These features are designed to optimize performance in modern CPUs. If the results of speculative execution turn out not to be needed, they are discarded.
Application isolation prevents applications from accessing arbitrary system memory. Meltdown breaks the protections that stop applications from accessing system memory by exploiting out-of-order execution, a feature that increases performance in newer processors. Only systems running Intel processors are vulnerable to Meltdown due to its use of an Intel-specific privilege escalation flaw. Use of the same CPU by multiple users increases the risk for both Spectre and Meltdown.
For additional information, please reference the white papers from the Graz University of Technology.
We recommend the following actions be taken:
- Apply the released patches for Linux (KPTI, formerly KAISER), OS X, Android, and Microsoft.
- Apply applicable BIOS updates.
- Ensure the latest version of your desired browser is installed.
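One way to confirm on a Linux host that the patches above are in effect is to read the status files that patched kernels publish under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of the original advisory; the function names and the sample directory are hypothetical, and it assumes a kernel recent enough to expose that sysfs interface.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on a Linux host.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities.

# Map one sysfs status line to OK, VULNERABLE or UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# Print one line per issue; return 1 if any entry is not OK.
# $1: directory to read (defaults to the live sysfs path).
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            # A missing file usually means the kernel predates the patches.
            status="(no sysfs entry)"
        fi
        verdict=$(classify_status "$status")
        printf '%-12s %-10s %s\n' "$name" "$verdict" "$status"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}

# Constructed sample data: a host with KPTI on but Spectre v2 unmitigated.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; call check_cpu_vulns with no argument
# to inspect the live system instead.
sample=$(make_sample_dir)
check_cpu_vulns "$sample" || echo "at least one issue is not mitigated"
rm -rf "$sample"
```

A non-zero return from `check_cpu_vulns` makes it usable as a compliance check in configuration management or a monitoring probe.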
Graz University of Technology