Meltdown and Spectre Exploit
Daniel Nashed – 5 January 2018 23:44:30
There is a new security issue for most modern CPUs. Intel and AMD is affected in different ways.
It's not something that is application specific. It's a CPU and OS level issue. Which affects also virtualization hosts.
Here is the best website to get details --> https://meltdownattack.com
And there are already some patches for some platforms.
I have just installed the current kernel patches for CentOS (kernel 2.6.32-696.18.7).
Here is the info from RHEL about the first patches https://access.redhat.com/errata/RHSA-2018:0008.
We will probably see patches for other platforms including virtualization platforms like ESX.
Those are the first fixes. And we will probably see more followup fixes.
Update 06.01.2018:
There is an interresting article describing some of the background and what hardware and software vendors are doing against it with different approaches.
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
From what I see the applications with the biggest exposure to those bugs are web-browsers because they execute active code from remote (e.g. JavaScript).
Here is also a current statement from Mozilla:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
And there is the status page for Chrome and other Google technologis:
https://support.google.com/faqs/answer/7622138#chrome
-- Daniel
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}