2018 rang in with a bang in the computer security world, as two serious and extensive processor vulnerabilities were discovered in early January. Last week, researchers with Google’s Project Zero and various universities and private security shops announced their troubling findings that the majority of the world’s computer chips manufactured over the past two decades had been susceptible to two exploits—named “Meltdown” and “Spectre”—for years. (Yes, that means your computer, smartphone, and tablet are affected.)
Computer programs are not supposed to be able to read certain data from other programs. Yet the Meltdown and Spectre hardware bugs could allow a malicious actor to bypass memory isolation and access “secrets stored in the memory of other running programs”—like passwords, photos, emails, communications, and personal documents.
While serious vulnerabilities affecting browsers and other software are unfortunately rather common, the Spectre and Meltdown bugs are noteworthy both for the extent of their reach and the fact that they affect the very chips that make all of our devices run. Andrea O’Sullivan explains more about these bugs and how they were found.
from Hit & Run http://ift.tt/2qMw9BQ
via IFTTT