Patches for the Meltdown vulnerability have been made available for all major operating systems now. However, that there currently aren’t actually any replacement CPUs that aren’t vulnerable! This issue may speed up some providers depreciation of old technology.
CVE 2017 5754 FIX FOR MAC FREE
Seriously! This is currently the only 100% guaranteed method to be free of these vulnerabilities. Technical overview from Google Project Zero.Non-technical overview from Cloudflare.How does it work?īetter people than us have already covered this. While this doesn’t make dedicated servers any less vulnerable, it does severely reduce the attack surface.
CVE 2017 5754 FIX FOR MAC CODE
For dedicated servers being used by one company however, the only code that should be running on the system is trusted code. For desktop systems this is a problem as most websites nowadays require that browsers run untrusted Javascript. For cloud computing providers this is a big issue as the same CPU is being used by many guest systems. It is worth pointing out that while most computers, servers & mobile phones are vulnerable, an attacker would still have to be able to run code on the same CPU you are using in order for you the be affected.
There are a few exceptions for CPUs not affected by these vulnerabilities however so far these have all been low powered ARM devices such as the Raspberry Pi. The Spectre collection of vulnerabilities are responsible for the slowdown of CPUs in your computer as they target a major part of the CPU responsible for the speed (speculative execution). There are literally hundreds of ways to exploit Spectre and many do not have an easy fix. Only two of the easiest to implement attacks are currently being patched for. While only Intel CPUs are affected by the Meltdown vulnerability (CVE-2017-5754) CPUs made by AMD, ARM, Nvidia and other manufactures are all affected by the Spectre vulnerabilities (CVE-2017-5753 & CVE-2017-5715).Īdditionally, Spectre is a collection of vulnerabilities.
Almost two weeks later and we do know a lot more however the outlook is still bleak. On 3rd January 2018 engineers around the world scrambled to respond to the announcement that most CPUs on the planet had a vulnerability that would allow attackers to steal data from affected computers.
0 kommentar(er)
