Blog1-Hero.jpg

Poised for a digital transformation?

Meltdown and Spectre Security Vulnerabilities

19 January, 2018
0 Comments

Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) are two individual security vulnerabilities discovered and reported by the Project Zero Team at Google. Both Meltdown and Spectre exploit critical vulnerabilities in modern processors and therefore affect a wide range of devices that includes personal computers, mobile devices and server hardware in datacenters.

DCC200_Blog_Spectre-15.png
There is an isolation between user applications and the underlying operating system that runs it. Meltdown exploits this isolation by allowing a program to access the memory, and therefore also access stored information of other applications and the operating system.

Spectre, on the other hand attacks the isolation between different applications and can allow an attacker to manipulate software applications into leaking information that is otherwise protected.

There are software patches available to correct software design for protection from future exploits for Meltdown and Spectre.

Manufacturers and operating system vendors have also released software and firmware patches to mitigate the issue. Please see the below list for official guidance and security advisories:

Should you have any further questions or concerns, please do not hesitate to reach out to your Dynamic Computer Corporation account manager or other contact.

 

RELATED NEWS

Popular Post