What are Meltdown and Spectre?

What are the Spectre and Meltdown CPU vulnerabilities

The Meltdown and Spectre hardware bugs affect almost every CPU built in the past 10 years (and possibly more) and allow a low-privilege application, or even JavaScript code, to read kernel memory. Exploitation works by abusing hardware-level performance optimizations in modern processors. At the time of publication, the technique had been demonstrated primarily on Intel processors, but variants affect AMD and ARM processors as well. It is important to note that these bugs do not rely on any operating system service, which makes them particularly difficult to detect and mitigate at the software level. At present, these bugs cannot be detected by any modern security solution (and it is unlikely that many security solutions will protect against this attack).

In modern computers, code is separated into two areas: user code, which runs the programs you use every day, and kernel code, which is used to run the operating system. The kernel is a highly privileged area of the computer that controls its execution and stores critical data.


Why Are The Spectre And Meltdown Vulnerabilities Dangerous?

You might think that this is just another of the thousands of exploitable vulnerabilities currently in circulation, and in many ways you would be right. Even though working exploits exist, the likelihood of these issues being exploited in the wild is still low, at least much lower than for other bugs that have come to light in the past two weeks. If you missed it, you should prioritize patching the four Microsoft Exchange zero-days that several advanced threat groups have been using in live attacks.

The technical requirements for a threat actor wishing to exploit these bugs are significant, although somewhat lower since the release of public exploits. What made Spectre and Meltdown the talk of the town in 2018 was the enormous number of potentially affected devices. These are hardware vulnerabilities in almost all modern processors that could allow programs to steal data being processed on a computer. While programs are normally not allowed to read data belonging to other programs, a malicious exploit could allow an actor to access sensitive data held in the memory of other running programs; data that may include passwords stored in a password manager or browser, personal photos, emails, or critical business documents.

Why does the Meltdown patch slow down performance?

The Meltdown patch fix involves a more dramatic separation of kernel memory from user processes. This is done through a method called Kernel Page Table Isolation (KPTI). KPTI moves kernel-mode operations into an address space completely separate from user-mode operations. This means that it takes much longer to switch between kernel mode and user mode.

To illustrate this, imagine a food truck that sells only two items: hot dogs and cold lemonade. The employee inside the food truck can easily reach both the steamer with the hot dogs and the cooler with the cold lemonade, and business moves quickly. Now imagine that the health inspector comes by and demands that hot and cold food be kept in separate rooms. The employee can still reach for the hot dogs, but has to get out of the truck and walk down the street to fetch each lemonade. This would slow the food truck line down considerably, especially if people are ordering a lot of lemonade. This is similar to how KPTI slows down the performance of an operating system: every switch between user mode and kernel mode now involves a change of address space.

Understanding the difference between Spectre and Meltdown

Despite the simultaneous publication of Spectre and Meltdown, the two exploit different properties of processors; the only thing Spectre and Meltdown have in common is the use of transient execution.

Spectre relies on branch misprediction to trigger transient instructions, and it only works with data that is architecturally accessible to the application. In contrast, Meltdown relies on out-of-order transient instructions that follow an exception, and it uses those transient instructions to read data that is architecturally inaccessible to the application.

How Meltdown And Spectre Could Lead To Attacks

By allowing regular and even browser-based programs to read kernel memory, the secrecy of kernel data is violated. This could allow two types of attacks:

Information Leak – A low-privilege application can read secret memory and leak it. This can include cryptographic keys.

Springboard for New Attacks – Modern defense mechanisms (such as KASLR) rely on kernel memory addresses being secret, which makes the kernel harder to exploit and take control of. By allowing attackers to read kernel memory, this bug makes kernel-based attacks easier.

How to protect against the Meltdown/Spectre vulnerability?

Besides replacing a PC’s processor, the only way to close the vulnerability is to patch the operating system. Apple quietly introduced a Meltdown patch to OSX in early December, while Microsoft released a Windows patch on January 3, and Linux developers are still working hard to make a patch.

An unfortunate side effect of these Meltdown patches is that they will, by design, slow down the processing speeds of computers using the patched operating system. These slowdowns will impact performance by around 5 to 30%, depending on the type of chip and the tasks performed.
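On Linux, the simplest way to confirm that the operating-system patch described above is actually in effect is to read the per-issue status files the kernel exposes under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not code from the original article; it parses a constructed sample of those status lines (the file names and the "Not affected" / "Vulnerable" / "Mitigation: ..." forms are the kernel's own) and, when run on a real Linux host, reads the live files instead.

```python
"""Summarise Meltdown/Spectre mitigation status as the Linux kernel reports it.

Each file under /sys/devices/system/cpu/vulnerabilities/ holds one status
line such as "Not affected", "Vulnerable" or "Mitigation: PTI" (PTI is the
Kernel Page Table Isolation patch discussed in the article).
"""
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample (not captured from a real machine): keys are the file
# names the kernel uses, values are plausible file contents.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
    "l1tf": "Not affected\n",
}


def classify(status: str) -> str:
    """Map one status line to 'ok', 'vulnerable' or 'unknown'."""
    s = status.strip()
    if "Vulnerable" in s:          # e.g. "Vulnerable" or "KVM: Vulnerable"
        return "vulnerable"
    if s == "Not affected" or "Mitigation:" in s:
        return "ok"
    return "unknown"               # e.g. "Unknown: ..." on unusual hardware


def summarise(entries: Dict[str, str]) -> Dict[str, str]:
    """Classify every issue in the given {file name: contents} mapping."""
    return {name: classify(text) for name, text in entries.items()}


def needs_attention(entries: Dict[str, str]) -> List[str]:
    """Issues still reported as vulnerable, sorted for stable output."""
    return sorted(n for n, c in summarise(entries).items() if c == "vulnerable")


def read_sysfs(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the live status files; returns {} on non-Linux or old kernels."""
    if not os.path.isdir(path):
        return {}
    out: Dict[str, str] = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), encoding="utf-8") as fh:
            out[name] = fh.read()
    return out


if __name__ == "__main__":
    live = read_sysfs() or SAMPLE_STATUS   # fall back to the sample offline
    for name, verdict in sorted(summarise(live).items()):
        print(f"{name:12s} {verdict:10s} {live[name].strip()}")
    print("needs attention:", needs_attention(live) or "none")
```

A kernel too old to carry the patch simply lacks the directory, which read_sysfs() reports as an empty result; treat that as "not mitigated" rather than "not affected".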
