Researchers find processor security flaws2018-01-04 12:02 by Daniela
Tags: Meltdown, Spectre
Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU. In both cases, attackers could see data that the processor temporarily makes available outside of the chip.
The CPU flaws have been branded as Meltdown and Spectre and have widespread impact across different silicon, operating system, browser and cloud vendors. The Meltdown flaw impacts Intel CPUs and is also identified as CVE-2017-5754. Spectre is also known as CVE-2017-5753 and CVE-2017-5715 and impacts all modern processors including Intel, AMD and ARM.
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory, consequently, applications can access system memory," the Meltdown attack advisory states. "Spectre tricks other applications into accessing arbitrary locations in their memory."
Microsoft has issued an emergency security patch through Windows Update, but if you're running third-party anti-virus software then it's possible you won't see that patch yet.
A firmware update from Intel is also required for additional hardware protection, and those will be distributed separately by OEMs. It's up to OEMs to release the relevant Intel firmware updates, and support information for those can be found at each OEM support website. If you built your own PC you’ll need to check with your OEM part suppliers for potential fixes.
Read more -here-