In this week's Risk & Repeat podcast, SearchSecurity editors discuss the discovery of the Meltdown and Spectre vulnerabilities and their effect on information security.
The new year got off to a rough start when several research teams disclosed critical vulnerabilities in a wide array of modern microprocessors.
The Meltdown and Spectre vulnerabilities, which were disclosed last week, are flaws in CPU architectures that could enable attackers to steal data from systems' memory while leaving little, if any, trace of the attack. Both vulnerabilities involve how microprocessors implement address space layout randomization and what's known as speculative execution.
Meltdown affects Intel processors, while Spectre has been confirmed to affect chips from Intel, AMD and ARM, according to the research teams. While the implementations function as designed to enhance chip performance, different research teams simultaneously discovered that threat actors could abuse the functions and obtain data in memory from both operating systems and applications.
While software patches and updates have been issued for OSes and cloud services, the effects of the Meltdown and Spectre vulnerabilities are far-reaching. For example, the researchers explained that Meltdown can be used to circumvent containers when guests are on a shared kernel. In addition, some of the patches released for the vulnerabilities have reportedly caused performance and stability issues.
How did the research teams and vendors coordinate the disclosure of the Meltdown and Spectre vulnerabilities? What are the chances that the vulnerabilities have already been exploited? What do these discoveries mean for the future of microprocessor security? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.