Google introduced Project Zero Prize, a bug hacking contest, over a year ago with the goal of squashing all the possible bugs available on whatever platform or device. Just recently, the tech giant has revealed findings on what is said to be “speculative execution security flaws” on an Intel processor. The results are alarming and so a number of processor manufacturers have started to look into the big issue to prevent further vulnerabilities from happening.
These problems are now known as Meltdown and Spectre and more details have just been presented by Google. Apparently, the exploitations have been around since 1995 but it appears to be unknown by the manufacturers. Perhaps they are minor issues before but now, they can’t be ignored and must be addressed.
For one, Meltdown is described as the failure of isolation between a user’s application and a computer’s operating system. The attack happens when memory normally used by the OS and programs can be accessed to obtain sensitive data currently used by other applications.
On the other hand, there is Spectre that operates the same way but between different applications only. Compared to Meltdown, Spectre is more difficult to exploit. Fortunately, there are software patches available for the two although a bigger solution is wanted. Meltdown is easier to address as against the problem with Spectre. Other variations are seen to be available in the future so it is highly recommended these speculative execution issues are completely resolved.
Results of the research were supposed to be released on January 9 but they were presented earlier because of increased risks. For further information, you may visit Meltdownattack.com. Antiviruses are expected to spot the Meltdown or Spectre attacks but advanced solutions are recommended. The best thing to do at this moment is to try and secure all your devices, accounts, and platforms in any way you know and can. If there are security patches or updates available, go ahead and download them. Apply all the necessary bug fixes presented by tech companies, OEMs, and service providers–to be sure.
VIA: SlashGear