Security researchers have released details on two vulnerabilities that affect the microprocessors running in virtually all modern computing devices, and technology companies are scrambling to patch them.
The vulnerabilities, dubbed “Meltdown” and “Spectre,” appear to affect the processors of Intel, AMD and ARM Holdings to varying degrees. The bugs potentially extend to nearly all devices that are powered by those chipsets, including laptops, desktop PCs, smartphones and servers that run cloud services. There are software patches being put in place to protect against Meltdown, but Spectre will prove more difficult to address since it will require redesigning processors.
The exploits, the result of long-standing design flaws in chipsets, could allow malicious actors to access or steal sensitive data from devices or servers.
Mike Chapple, associate teaching professor of IT, analytics and operations at the University of Notre Dame, says the major issue with both of the vulnerabilities is that they allow an attacker to access arbitrary memory locations. This means that if an attacker can manage to run code on a system, he or she can access any of the information being processed on that system.
“This is a particularly significant issue when different users share the same hardware, such as in a cloud computing environment,” Chapple adds. “However, the impact isn’t limited to the cloud. It exists even on desktop computers and mobile devices used by a single person. If an attacker tricks you into running their software, that software can read the sensitive information used by other applications, such as the passwords stored in your browser, and report them back to the attacker.”