IT Security

Meltdown/Specter-based Malware Coming Soon to Every Device Except AMD

Since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws.

Spectre and Meltdown are security vulnerabilities disclosed by security researchers earlier this month in many processors from Intel, ARM and AMD used in modern PCs, servers and smart-phones, among other devices.

These CPU vulnerabilities could enable attackers to bypass memory isolation mechanisms and access everything, including memory allocated for the kernel containing sensitive data like passwords, encryption keys and other private information.

Researchers from independent antivirus testing firm AV-TEST detected at least 139 malware samples, as of today.

Another news makes this situation, even more, worse—Intel halted all its CPU firmware patches for the Meltdown and Spectre flaws last week after it caused issues like spontaneous reboots and other ‘unpredictable’ system behaviour on affected PCs.

So, until Intel and other vendors do not come up with stable security patches for the Meltdown and Spectre attacks that don’t cause systems to break, users are recommended to keep their operating system, web browsers, antivirus and other software up-to-date.

The Good News is!

AMD plans to release Spectre-proof processors — Not Expected to hit markets until 2019

AMD’s forthcoming lineup of Zen 2 processors will have built-in protection against the Spectre chip vulnerability, said CEO Lisa Su on the company’s earnings call on Tuesday afternoon.

First disclosed by Google earlier in January, Spectre takes advantage of a vulnerability in “speculative execution,” a feature of almost every modern processor, to give an attacker a potential route to stealing private information from otherwise secure systems. Intel, too, is rushing to get Spectre-proof chips to market.

“We have included changes in our future processsor cores, starting with our Zen 2 design, to further address potential Spectre-like exploits,” Su said on the call.

AMD announced its Zen 2 lineup at this year’s Consumer Electronics Show, with the chips expected to launch in 2019. The company also has another line of processors, the Zen+, arriving in April 2018, but Su did not say that those chips will come with the built-in protections.

As for existing processors, Su says that the company is working with PC manufacturers and the major operating systems to deliver mitigations. She says that some forms of Spectre attack are more “difficult” to execute on an AMD-based system than others, but the company will work hard to stamp out all variants.

Spectre was first announced alongside Meltdown, a related vulnerability that also takes advantage of speculative execution. However, Meltdown primarily affects Intel processors, as well as some ARM processors, meaing AMD is largely unaffected.

error: Content is protected !!