AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
![]() ![]() The Meltdown issue in Chrome OS was addressed in December when Google released version 63, tens of days before the experts at Google Project Zero disclosure the flaws. The security researchers claim that only Meltdown and Spectre Variant 1 can be addressed via software, while Spectre Variant 2 required an update of the microcode for the affected processors. The Meltdown attacks target the CVE-2017-5754 vulnerability, while the Spectre attacks trigger the CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Spectre breaks the isolation between different applications, allowing to leak data from the kernel to user programs, as well as from virtualization hypervisors to guest systems. For instance, a malicious JavaScript can be used to extract login cookies for other websites from the browser’s memory. The attack can also be exploited for extracting information from its own process via code. Spectre lets user-mode applications extract data from other processes running on the same system. The attack exploits the speculative execution breaching the isolation between user applications and the operating system, so that any application can access all system memory. Meltdown could let hackers read the physical memory of the target computers and steal users’ credentials, personal information, etc. Hackers can exploit the Meltdown and Spectre attacks for bypassing memory isolation mechanisms and accessing target sensitive data. ![]() Thus, the company releases additional security patches for Chrome OS. Google reported that Spectre and Meltdown vulnerabilities keep infecting devices with Intel processors. ![]()
0 Comments
Read More
Leave a Reply. |