Meltdown and Spectre
Researchers have discovered very serious security vulnerabilities that expose computers and smart phones to the risk of being named Meltdown and Spectre. These gaps have been found in Intel, AMD and ARM processors, and users of computers, laptops, tablets and phones, regardless of manufacturer or operating system, Microsoft, Apple, Google, and Linux were discovered by Google researchers who work for Project Zero and said they affected the processors produced by Intel and some other manufacturers, and Intel was forced to disclose this. The order was made officially after a report issued by the British Technology website Heer The Register, the report caused the impact on the shares of Intel, which received the company of Google they wanted to detect the problem next week after finding a solution.
The danger of the gap is that it is caused by an error in the architecture design of the processor and memory, and therefore can not be closed with a simple update and requires an update at the level of the operating system and its nuclei to ensure not exploited.
The processor provides kernel memory that stores important data such as passwords, encryption keys, temporary files, and login keys. This is a memory that can not be accessed by any program within the computer. The program (task at the user account level) Processor level, which in turn creates a task to access that memory and fetch the required data if security approvals are required to run those tasks.
According to the report published by the site Register, the gap in the design of that architecture allows the programs at the level of the user account to access the memory inside the processor without the need to pass in a logical sequence, which means the possibility of stealing some security keys to exploit the gaps in other operating system, without forgetting some Important data as encryption keys or passwords.
A malicious program can then be written to take advantage of the Security gap and access the kernel memory inside the processor to extract confidential user data and then attack a computer using it.
Linux, Apple and Microsoft developers have begun working on solutions to the Security gap. According to some experiences, current solutions are slowing the performance of the computer by 5% to 30% or 35% in the worst case, which can not be solved in time Currently. As for the reason for this slowdown, closing the gap is now by transferring that memory to another location, so every task within the system (each process that reaches the processor) will access the old address first, then dump the temporary data and go to read the data from the new address.
No comments:
Post a Comment