Meltdown and Spectre, the two vulnerabilities that are making a large portion of the worlds computer processors at risk. The hardware vulnerabilities have been discovered in almost every CPU produced in the last 20 years. The attack from the two vulnerabilities is capable of yielding data that is often believed to be protected from any unauthorised users including passwords and private encryption keys.

 

According to current research, Meltdown breaks the isolation between user applications and the operating system, allowing attackers to access the memory and data of programs and operating systems. Spectre breaks the isolation between different applications, allowing an attacker to trick error-free programs, which follow best practices into leaking secrets. As it stands, Meltdown is more easily patched than Spectre as it is a more straightforward abuse of the processor, whereas Spectre leverages speculative execution to trick innocent programs or system processors into planting their secrets in the processors cache

 

Essentially, as the vulnerability is a hardware bug, everything running on affected processes is at risk including Windows, Linux and macOS and some mobile devices. Browsers including Chrome, Firefox and Internet Explorer all have preliminary Spectre patches. Initially, the original issue was found to be on Intel processors only however, further research has indicated a wider range of processors could be affected with Advanced Micro Devices (AMD), Advanced RISC Machines (ARM) and others may also be vulnerable.

 

With no known attacks using this method so far, Enspire continue to act on the issue to reduce any risk of client data being attacked by allocating all technical recourses to the mitigation of Spectre and Meltdown. Routine backups and updates are in place effectively to secure against potential attacks.

 

For further information about the security and integrity of your systems, please reach out to the Enspire support team on 1300 366 392

Comment