Emmanuel Marshall 05 January 2018 13:17:56 AEDT 3 MIN READ

‘Meltdown’ & ‘Spectre’ Bugs: PCs & Macs Vulnerable to Data Theft


Newly discovered security bugs in computer processors have been revealed that make almost all devices vulnerable to data theft.


Breaking Cybersecurity News:


Dubbed ‘Meltdown’ and ‘Spectre,’ the newly discovered bugs are critical flaws in the performance optimization processes of computer CPUs.

The bugs affect most CPUs from Intel, AMD, and ARM and could allow cybercriminals to access system memory containing passwords, encryption keys and emails.

Cybersecurity researcher Dr Yuval Yarom at the University of Adelaide was part of an international team that discovered Meltdown and Spectre and co-authored an online report revealing the threat yesterday.

"Both Meltdown and Spectre exploit critical vulnerabilities in modern processors, which are the main part of our computers," Dr Yarom commented in a University of Adelaide press release. "These bugs in the hardware can enable hackers using malicious programs to steal sensitive data which is currently processed on the computer. Such programs can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. They do this because the processor leaves behind traces of the information that it's processing, and these traces could lead a hacker to discover important information. Such information might include passwords stored in a password manager or browser, personal photos, emails, instant messages, and other sensitive documents."

Dr Yarom stated that patches are now available to mitigate Meltdown on Windows, OS X and Linux operating systems, but no fix is available yet for the Spectre bug.

"We have found the Meltdown and Spectre bugs in processors used for personal computers, mobile devices, and in the cloud. This raises a number of concerns about the security of each of these devices worldwide," Dr Yarom said.

Meltdown and Spectre affect desktop machines, laptops, mobile devices, and cloud environments. The bugs allow malware to steal data from the operating system memory, as well as secret information of other programs.

In addition to the team at The University of Adelaide, the research group working on Meltdown and Spectre includes experts from Google Project Zero, Graz University of Technology (Austria), Cyberus Technology (Germany), University of Pennsylvania, and University of Maryland.

The international Spectre and Meltdown working group’s FAQ page states:

"If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure."

 

Defend Your Business


Cybercriminals can use scam emails to deliver malware to your company's computers like trojans, droppers and viruses - malware that has the potential to take advantage of vulnerabilities like Meltdown and Spectre.

Email-borne malware attacks can be enormously costly and destructive. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now.

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering protection. You’ll significantly reduce the risk of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30

 

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates