Jan 05

Meltdown And Spectre

Everything you know about hacking is probably going to change soon. Spectre and Meltdown are "among" the first vulnerabilities that potentially make use of weaknesses in isolation layers, layers that are generally protected from programs that might try to bypass them through more conventional exploitation. The x86 addresses and sinkholes, which processor manufacturers document only in ways that read like censored encyclopedias, are in fact being documented in the wild by a few hackers, if not many. This means that anyone who knows how to fuzz a processor's microcode and has enough time on their hands can in fact find exactly the kinds of exploitable snippets of microcode that would make use of vulnerabilities like the ones we are discussing.

It Works Like This

The setup is a sandbox environment with a specific target processor, a code, and a test. The code in this case is something that makes a processor execute in an unusual way, like regurgitating data or even freezing an address space. The sandbox with its antivirus doesn't see anything happening, because the microcode is being fed in through APIC, avoiding MCH, as shown around 19:00 below.


Why This Matters

After the POC and papers by: *Courtesy of Meltdown Attack It became clear that Google had some insight into this situation, as well as some solutions for their products, though it is unclear precisely how much can be prevented without careful analysis of the method. The fear is that while the patch may prevent accidental infection, intentional use of the methods will quickly circumvent the patches. There was some deliberation about when to release the information related to these vulnerabilities, and Intel and other companies are potentially facing class action lawsuits over this vulnerability.

Who reported Meltdown?

Meltdown was independently discovered and reported by three teams:

  • Jann Horn (Google Project Zero),
  •  (Cyberus Technology),
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)


Who reported Spectre?

Spectre was independently discovered and reported by two people:

It has been determined that nearly every computer, laptop, cloud, smartphone, tablet and IoT device in use, regardless of manufacturer, is in fact vulnerable to this type of exploit. To be clear, it is unknown if this exploit is currently in use anywhere. Proof of concept videos like the one shown demonstrate that this has been knowable as a possible attack vector since at least 2015, though it is unclear where any attribution or reporting would have proven it as an attack, particularly because its characteristics make it nearly impossible to detect with an antivirus product unless it is introduced via a virus or malware program that triggers alerts.

What To Do

Start here, and download the appropriate patch if you haven't received an update that includes it. Linux is making tremendous strides to patch this as well, as seen here. We'll be bringing more information/solutions about this as soon as possible. 
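Once a patched kernel is installed on Linux, you can ask the kernel itself what it thinks its status is. The script below is an added example, not code from this post or from any vendor; it assumes a kernel that exposes the /sys/devices/system/cpu/vulnerabilities directory (older kernels do not), and the function names are made up for illustration.

```python
"""Added example: read the Linux kernel's own Meltdown/Spectre status report."""
import sys
from pathlib import Path

# Assumption: the kernel exposes this sysfs directory; older kernels do not.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(text):
    """Map one sysfs status line to ok / vulnerable / unknown."""
    status = text.strip()
    if status == "Not affected" or status.startswith("Mitigation:"):
        return "ok"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty or unrecognized wording: treat as unverified


def audit(base=SYSFS_DIR):
    """Return {issue: (verdict, raw_text)} for each issue in ISSUES."""
    results = {}
    for name in ISSUES:
        try:
            raw = (Path(base) / name).read_text().strip()
        except OSError:
            # No file: the kernel predates the reporting interface, so a
            # missing entry must not be read as "patched".
            results[name] = ("unreported", "")
            continue
        results[name] = (classify(raw), raw)
    return results


def exit_code(results):
    """0 only when every issue is mitigated or not applicable."""
    return 0 if all(v == "ok" for v, _ in results.values()) else 1


if __name__ == "__main__":
    report = audit()
    for issue, (verdict, raw) in report.items():
        print(f"{issue:12} {verdict:11} {raw}")
    sys.exit(exit_code(report))
```

A non-zero exit status means at least one issue is vulnerable, unrecognized or not reported at all, which makes the script usable as a check in fleet or configuration-management tooling.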

Additional Patch Info
