Clean Master for PC teach you how to deal with CPU vulnerability crisis

Clean Master for PC teach you how to deal with CPU vulnerability crisis

On January 4, the Google Project Zero team disclosed two CPU chip-level vulnerabilities in Meltdown ( CVE-2017-5754 ) and Specter ( CVE-2017-5753, CVE-2017-5715 ), evolving into a Class A network security disaster. No cases of exploiting these vulnerabilities have been found so far, so we do not have to be overly alarmed.

How to attack?

        Meltdown vulnerabilities directly break the core memory protection mechanism, allowing malicious code to directly access this piece of sensitive memory; Specter vulnerabilities by spoiling memory of other applications to deceive them to access the core memory address. Their purpose is to capture sensitive content stored in core memory through the sidewalk, with only slight differences in the means of implementation.

Harm

        Attackers can exploit vulnerabilities to bypass kernel-level protection such as KASLR and steal locally sensitive information through browsers and even steal data from others on cloud servers. Vulnerability is more complicated to fix and can result in degraded CPU performance and compatibility issues.

Sphere of influence

        Most operating systems are affected by this: Windows, Linux, macOS, Amazon AWS, Google Android are all strokes. Almost all processors are affected by this: almost all Intel, AMD, Qualcomm manufacturers and other ARM processors have been affected since 1995.

This one-sided CPU manufacturers can not be repaired, the need for multi-vendor linkage, resulting in higher repair difficulty, coupled with a larger impact, so this is a 21st century spread to almost all mainstream smart terminals, computers, Laptop, Pad, cell phone, IOT device super catastrophe.

This vulnerability has a wide range of impact, but its use is limited: mainly because the vulnerability can not be exploited remotely, an attacker would have to run an attacker on the target computer, while a locally installed anti-virus software could minimize this possibility .

How to deal with CPU vulnerability crisis?

        The vulnerability has a wide range of impact, but for an individual user, the vulnerability can not be exploited remotely. Therefore, users do not need to panic, according to the system prompts to upgrade the patch, and keep anti-virus software open to protect personal computer security.

Currently inventory of the affected vendors and update the progress of the product?

Intel:

https://security-center.intel.com/advisories.aspx

ARM:

https://developer.arm.com/support/security-update

AMD:

https://www.amd.com/en/corporate/speculative-execution

Microsoft:

https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

Amazon:

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

Chrome:

https://support.google.com/faqs/answer/7622138#chrome

Mozilla:

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Red Hat:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

Debian:

https://security-tracker.debian.org/tracker/CVE-2017-5754

Ubuntu:

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

SUSE:

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

LLUM:

http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html

VMWare:

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

Citrix:

https://support.citrix.com/article/CTX231399

 

 

*Meltdown and Spectre’s Questions & Answers

https://spectreattack.com/#faq-detect

Leave a Reply

Your email address will not be published. Required fields are marked *