Critical flaws revealed to affect most Intel chips since 1995
Most Intel processors and some ARM chips are confirmed to be vulnerable, putting billions of devices at risk of attacks. A security researcher said the bugs are “going to haunt us for years.”
Two critical vulnerabilities found in Intel chips can let an attacker steal data from the memory of running apps, such as data from password managers, browsers, emails, photos, and documents.
“Meltdown is not only limited to reading kernel memory but it is capable of reading the entire physical memory of the target machine,” according to the paper accompanying the research.
The vulnerability affects operating systems and devices running on Intel processors developed in the past decade, including Windows, Macs, and Linux systems.
The two bugs break down a fundamental isolation that separates kernel memory, the core of the operating system, from user processes. Meltdown lets an attacker access whatever is in the affected device’s memory, including sensitive files and data, by melting down the security boundaries typically held together by the hardware. Spectre, meanwhile, can trick apps into leaking their secrets.
Microsoft released patches for Windows, outside its usual Patch Tuesday update schedule. Apple reportedly patched the flaw in macOS 10.13.2, and patches for Linux systems are also available.
Many cloud services running Intel-powered servers are also affected, prompting Amazon, Microsoft, and Google to patch their cloud services and schedule downtime to prevent would-be attackers from reading other processes on the same shared cloud server.
Microsoft and Amazon have announced scheduled downtime of their cloud services in the coming days.
Google, whose Project Zero team was credited with finding the vulnerability, said in a blog post that, “as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data.”