Meltdown and Spectre – Critical vulnerabilities in Intel/AMD/ARM chips

We are just four days into 2018 and hackers have already exploited tons of platforms including the iPhone. Here’s yet another “flaw” discovered in chipsets of all popular manufacturers.

What are Meltdown and Spectre?

Meltdown and Spectre are critical hardware vulnerabilities that arise out of a design flaw in modern processors. This flaw has been present in all chips since 1995.

All popular chipset manufacturers such as Intel, but AMD and ARM processors are also affected. This means your iPhone also comes under the ambit as it uses ARM-based processors.

Spectre Meltdown Intel

Generally, all operating systems use “Sandbox” to contain a process and prevent it from accessing other processes. This is where Meltdown and Spectre come in.

They allow a hacker or malicious software to access data from other programs. The data in memory might include your passwords, photos, documents or other sensitive information.

If you are worried about your computer or iPhone, the chances of someone using these bugs to attack it are slim to none.

The real threats exist in high-load environments like cloud hosts, data centers, and server farms.

How Meltdown and Spectre work

Meltdown

Meltdown vulnerability breaks the security mechanisms that separate user applications and the operating system.

Here’s a video demonstration of a memory dump using this vulnerability.

Spectre

Spectre vulnerability breaks the security mechanisms that separate various user applications. It is relatively more powerful as compared to “Meltdown”.

We can fix Meltdown with an update with a slight performance loss. Spectre, on the other hand, can’t be fixed unless there’s a drastic change in the hardware design of the processors.

How can I keep my device safe?

Just like Broadpwn and KRACK Attack, these bugs also require a patch by the respective device manufacturers.

You must check the websites of the device or operating system you use to ensure you stay updated.

Remember, once you install the update, your device will become 5-30% slower than before.

Mac 

According to a security researcher, macOS Sierra 10.13.2 update already fixes this update to some extent.

macos 10.12.4

I still recommend you update to this version as soon as possible.

iPhone and other iOS devices

iPhone and other iOS devices such as iPad and iPod are yet to receive a proper update or patch.

With that said, Apple will ensure a patch comes with the next beta firmware update.

iPhone devices

As always, you should make the jump and move over to the latest version so as to close this loophole. Remember, don’t update if you want to jailbreak your device.

Can we use Meltdown/Spectre to develop a jailbreak?

No, iOS hackers require much more than a memory dump to develop a full-fledged jailbreak tool.

These bugs only allow you to dump the primary memory. They can’t grant you root access or unsigned code execution, both of which are necessary for developing a jailbreak.

cydia

Therefore, they are as good as useless as far as jailbreak tools go.

For more iOS security news and updates, give us a thumbs up on Twitter and Facebook.

Leave a Reply

Share
Tweet