CERT-RO: Meltdown and Spectre threats target modern processors and operating systems
Modern processors and operating systems were affected, recently, by two new attacks dubbed Meltdown and Spectre, the specific of which represents the extraction of sensitive information from informatic systems by analysis of the physical signals emitted, the Romanian National Computer Security Incident Team (CERT-RO) announced on its own website.
According to the quoted source, the Meltdown and Spectre attacks (or Kaiser and KPTI) allow the extraction of sensitive data processed by a system at a given point.
The two threats exploit critical implementation vulnerabilities in modern processors. "In cryptography, these types of attacks are known as side-channel type attacks and are conducted on the basis of information gained from the physical implementation of a cryptographic system," the quoted source mentions.
According to CERT-RO, on the list of CPU architecture producers and operating systems affected are: AMD, Apple, ARM, Google, Linux Kernel, Microsoft.
"An attacker capable of executing code with user privileges can obtain different privileges, such as reading the kernel memory, which is usually protected, or he can bypass the KASLR (Kernel Address Space Layout Randomization) security," the CERT-RO specialists note.