bootstrap modal popup

MELTDOWN AND SPECTRE

What is behind the names Meltdown and Spectre and how does SecuLution Application Whitelisting protect against attacks on these vulnerabilities?

Meltdown and Spectre

UPDATE

“Malware makers are experimenting with malware that exploits the Spectre and Meltdown CPU bugs.

German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs.

‘So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754,’ the company wrote on Twitter.

The company has posted SHA-256 hashes of several samples that a check on Google's VirusTotal indicates is being detected by some antivirus engines.”

WHAT YOU SHOULD KNOW ABOUT MELTDOWN AND SPECTRE

Microsoft, Linux, Google, and Apple began rolling out patches at the beginning of January 2018 addressing design flaws in processor chips named "meltdown" and "spectre" by security researchers. SecuLution informs on this page about the advantages of Application Whitelisting in connection with these and other unknown vulnerabilities.

WHAT IS MELTDOWN?

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.

WHAT IS SPECTRE?

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.

SECULUTION

Can SecuLution Application Whitelisting protect against exploiting these vulnerabilities?
The security provided by SecuLution remains the same.

The exploitation of the Meltdown and Spectre vulnerabilities requires additional software, which must be run on the compromised computer. This malware is not known to SecuLution and is thus prevented from being executed by SecuLution.