Thursday, January 25, 2018

Week 6 - Threat of the Week - Information Disclosure


In the world of IT security, information disclosure boils down to people seeing information that they are not authorized to see. This could be something as simple as inadequate security controls on a file server that allow every user in the company to access employee review files. More recently, though, two information disclosure vulnerabilities have been published that affect nearly every device.

Of course, the two vulnerabilities that I speak of are Meltdown and Spectre. While the vulnerabilities are often reported together, they are two separate things, and they affect different CPUs. Meltdown is limited to Intel, while Spectre impacts essentially every CPU, from Intel to AMD to IBM to ARM. The vulnerabilities are very similar in that they exploit the very way that processors were engineered for maximum efficiency. Meltdown and Spectre use the speculation around memory access to leak data from the kernel that should in theory be inaccessible.

This is a huge deal, not only because of how widespread it is, but also because there is not necessarily a simple fix. While some software updates have been released to patch pieces of it, new microcode may be required to help fix the remaining vulnerabilities. Early patches have caused a lot of system instability, and as such many vendors are recommending that you do not install the patches until they are fixed. Bad actors are also taking advantage of this new fear to launch phishing campaigns promising to provide a download for the necessary patches to fix your system.
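To see whether a Linux system reports the software mitigations discussed above as active, the following added example (not part of the original post) reads the kernel's per-vulnerability status files. The function names are illustrative, and it assumes a kernel that exposes this sysfs directory (Linux 4.15, or a distribution kernel with the backport).

```shell
#!/bin/sh
# Added example: classify the Meltdown/Spectre status strings the Linux kernel reports.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;          # CPU is not susceptible
        "Mitigation:"*)  echo OK ;;          # e.g. "Mitigation: PTI"
        "Vulnerable"*)   echo VULNERABLE ;;  # includes "Vulnerable: <partial fix>"
        *)               echo UNKNOWN ;;     # unexpected text: review by hand
    esac
}

# check_cpu_vulns [DIR] -> prints "name<TAB>verdict<TAB>raw text" per issue.
# Returns 0 if all three are OK, 1 if any is VULNERABLE or UNKNOWN,
# 2 if DIR does not exist (kernel too old to report status).
check_cpu_vulns() {
    dir="${1:-$VULN_DIR_DEFAULT}"
    [ -d "$dir" ] || { echo "no $dir: kernel does not report status" >&2; return 2; }
    worst=0
    for f in "$dir"/meltdown "$dir"/spectre_v1 "$dir"/spectre_v2; do
        name="${f##*/}"
        if [ -r "$f" ]; then
            raw=$(cat "$f")
            verdict=$(classify_status "$raw")
        else
            # A missing file means the kernel predates reporting for this issue.
            raw="(file missing)"
            verdict=UNKNOWN
        fi
        [ "$verdict" = OK ] || worst=1
        printf '%s\t%s\t%s\n' "$name" "$verdict" "$raw"
    done
    return $worst
}
```

Source the file and run `check_cpu_vulns` with no argument to inspect the live system; a non-zero return means at least one of the three issues is unmitigated or unreported.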

So in the end it doesn't matter if you prefer Windows, Mac, or Linux.  Information Disclosure is coming for you.

https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
