Threat Advisory: Meltdown & Spectre


According to the team at Graz University of Technology that responsibly disclosed the new bugs, Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

Meltdown (CVE-2017-5754)

Meltdown is so named because the bug basically melts security boundaries which are normally enforced by the hardware. Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus data, of other programs and the operating system.

According to reports, every Intel processor since 1995 (except Intel Itanium and Intel Atom before 2013) is potentially affected by Meltdown. ARM processors are also affected, but AMD has stated there is “Zero AMD vulnerability due to AMD architecture differences.”

Spectre (CVE-2017-5753 and CVE-2017-5715)

Spectre got its name from its root cause, speculative execution. As it is not easy to fix, its name implies that the researchers think it will haunt us for quite some time. Spectre breaks the isolation between different applications, and allows an attacker to trick error-free programs into leaking their data.

Almost every system is affected by Spectre. More specifically, the Spectre vulnerability has been verified on Intel, AMD, and ARM processors. Exploits for other architectures are also known to exist, including IBM System Z, POWER8 (Big Endian and Little Endian), and POWER9 (Little Endian).

How to protect mobile devices from Meltdown & Spectre vulnerabilities

Operating System Patches

Apple and Google both stress that there are no known exploits impacting customers at this time.

To help defend against the bugs, Apple and Google have both released patches.

  • Apple users should be on iOS 11.2 to protect against Meltdown. According to Apple, while Spectre is extremely difficult to exploit, even by an app running locally on a Mac or iOS device, it can be potentially exploited in JavaScript running in a web browser. As a result, Apple plans to release mitigations in Safari to help defend against Spectre soon.
  • Android users should have a security patch level of 2018-01-05 or later, the level published on January 5 as part of the Android January security patch update.

How Zimperium zIPS Helps

No app, including zIPS, can immediately detect attacks on the hardware itself since apps do not have privileged access to device hardware. However, zIPS can help in two ways:

  1. Identify devices running outdated operating systems that are not protected by the iOS and Android patches.
  2. Detect malicious apps and device exploitation attempts via its industry-leading, machine learning-based threat detection technology.
    1. Apps: According to Apple, exploiting many of these issues requires a malicious app to be loaded on your iOS device. zIPS can detect malicious apps via a combination of machine learning, static and deterministic approaches.
    2. Device Exploits: If an attacker wants to compromise a device, there are additional steps required, steps that zIPS will detect on-device. For example, a kernel exploit would trigger our system tampering warning.
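The patch thresholds given above (iOS 11.2, Android security patch level 2018-01-05) are the kind of rule a device-inventory or MDM compliance check would encode. The following is an added example, not Zimperium code, that compares reported OS versions against those thresholds; it assumes iOS versions arrive as dotted strings and Android patch levels as the ISO date found in ro.build.version.security_patch, and the inventory records are constructed sample data.

```python
from datetime import date

# Minimum patched versions stated in the advisory.
IOS_MIN_VERSION = (11, 2)
ANDROID_MIN_PATCH_LEVEL = date(2018, 1, 5)


def parse_ios_version(version: str) -> tuple:
    """Turn '11.2.1' into (11, 2, 1) so that 11.10 compares above 11.2."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed iOS version: {version!r}")
    return tuple(int(p) for p in parts)


def parse_android_patch_level(level: str) -> date:
    """Parse the ro.build.version.security_patch value, e.g. '2018-01-05'."""
    try:
        return date.fromisoformat(level.strip())
    except ValueError as exc:
        raise ValueError(f"malformed Android patch level: {level!r}") from exc


def is_patched(platform: str, version: str) -> bool:
    """True when the reported OS version meets the advisory's thresholds."""
    platform = platform.lower()
    if platform == "ios":
        return parse_ios_version(version) >= IOS_MIN_VERSION
    if platform == "android":
        return parse_android_patch_level(version) >= ANDROID_MIN_PATCH_LEVEL
    raise ValueError(f"unsupported platform: {platform!r}")


def unpatched_devices(inventory):
    """Return the ids of inventory entries that still need the OS patch."""
    return [dev["id"] for dev in inventory
            if not is_patched(dev["platform"], dev["version"])]


# Constructed sample inventory (hypothetical devices, not real data).
SAMPLE_INVENTORY = [
    {"id": "ios-a", "platform": "iOS", "version": "11.2.1"},
    {"id": "ios-b", "platform": "iOS", "version": "11.1.2"},
    {"id": "ios-c", "platform": "iOS", "version": "9.3.5"},
    {"id": "and-a", "platform": "Android", "version": "2018-01-05"},
    {"id": "and-b", "platform": "Android", "version": "2017-12-01"},
]

if __name__ == "__main__":
    print(unpatched_devices(SAMPLE_INVENTORY))  # ['ios-b', 'ios-c', 'and-b']
```

Note that a patch level only says the device claims the bulletin's fixes; it does not confirm that a vendor build actually includes the Meltdown/Spectre changes, so treat it as a floor rather than proof.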

The post Threat Advisory: Meltdown & Spectre appeared first on Zimperium Mobile Security Blog.

About Zimperium
Zimperium, the industry leader in Mobile Threat Defense, offers real-time, on-device protection against both known and previously unknown threats, enabling detection and remediation of attacks on all three mobile threat vectors - Device, Network and Applications. Zimperium’s patented z9™ detection engine uses machine learning to power zIPS™, mobile on-device Intrusion Prevention System app, and zIAP™, an embedded, In-App Protection SDK that delivers self-protecting iOS and Android apps. Leaders across the mobile ecosystem partner with Zimperium, including mobile operators (Airtel, Deutsche Telekom, SmarTone, SoftBank and Telstra), device manufacturers (Samsung, SIRIN, TriGem), and leading enterprise mobility management (EMM) providers (AirWatch, MobileIron, BlackBerry, Citrix and SAP). Headquartered in San Francisco, Zimperium is backed by Sierra Ventures, Samsung, Telstra, Warburg Pincus and SoftBank. Learn more at www.zimperium.com or our official blog at https://blog.zimperium.com.
