Two major flaws in microprocessors have been found which affects almost all computers and phones all over the world. The bugs, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers, servers running in so-called cloud computer networks, according to a report in the New York Times.
According to the report, there is no easy fix for Spectre which requires a complete redesign of the processors and could slow down computers by 30 per cent.
Meltdown on the other hand affects mostly servers and hence cloud computing, thus threatening services of online giants like Google and Amazon.
The flaws have been there for several years and have recently been discovered. However, analysts warn that since they are now in open, these vulnerabilities could be employed by hackers.
Ido Naor, Senior Security Researcher, GReAT and Jornt van der Wiel, Senior Security Researcher GReAT at Kaspersky said: “The first vulnerability, Meltdown can effectively remove the barrier between user applications and the sensitive parts of the operating system. The second vulnerability, Spectre, also found in AMD and ARM chips can trick vulnerable applications into leaking their memory contents.
“Applications installed on a device generally run on ‘user mode’, away from the more sensitive parts of the operating system. If an app needs access to a sensitive area, for example the underlying disc, network or processing unit, it needs to ask permission to use ‘protected mode’. In Meltdown’s case, an attacker could access protected mode and the core memory without requiring permission, effectively removing the barrier – and enabling them to potentially steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents,” they explained.
“As they are hardware bugs, patching is a significant job. Patches against Meltdown have been issued for Linux, Windows and OS X, and work is underway to strengthen software against future exploitation of Spectre. Intel has a tool you can use to check if your system is vulnerable to the bugs and Google has published further information here. It is vital that users install any available patches without delay.”
“It will take time for attackers to figure out how to exploit the vulnerabilities – providing a small but critical window for protection.”