Meltdown and Spectre
Vulnerabilities in modern computers leak passwords and sensitive data.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
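Since the practical question for a defender is whether the software patches mentioned above are actually in place, here is an added example (not code from the original page or from the researchers) that reads the status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ for Meltdown and both Spectre variants and reports which still need attention. It assumes the kernel's documented wording for those files ("Not affected", "Vulnerable", "Mitigation: ..."); the values in demo() are constructed, not taken from a real machine.

```python
"""Check which Meltdown/Spectre mitigations a Linux kernel reports.

Added example for this page, not code from the researchers or the sites
linked on it. Since Linux 4.15 the kernel publishes one file per issue under
/sys/devices/system/cpu/vulnerabilities/ whose text begins with
"Not affected", "Vulnerable" or "Mitigation:" (assumption: that wording is
what this parser keys on). The sample values in demo() are constructed.
"""
from pathlib import Path
from typing import Dict, List

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# The issues discussed on this page: Meltdown, Spectre variant 1, variant 2.
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status_line: str) -> str:
    """Map one sysfs status line to a coarse verdict."""
    text = status_line.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # unrecognised or empty wording: needs a human look


def summarize(status_texts: Dict[str, str]) -> Dict[str, str]:
    """Classify every issue; an issue with no status text counts as unknown."""
    return {name: classify(status_texts.get(name, "")) for name in ISSUES}


def needs_action(verdicts: Dict[str, str]) -> List[str]:
    """Issues an administrator still has to deal with."""
    return [n for n, v in verdicts.items() if v in ("vulnerable", "unknown")]


def read_sysfs(sysfs_dir: Path = SYSFS_DIR) -> Dict[str, str]:
    """Read the live files; absent files (old kernel, non-Linux) are skipped."""
    texts = {}
    for name in ISSUES:
        path = sysfs_dir / name
        if path.is_file():
            texts[name] = path.read_text()
    return texts


def demo() -> List[str]:
    """Constructed sample: Meltdown patched via PTI, Spectre v2 left open."""
    sample = {
        "meltdown": "Mitigation: PTI\n",
        "spectre_v1": "Mitigation: __user pointer sanitization\n",
        "spectre_v2": "Vulnerable\n",
    }
    return needs_action(summarize(sample))


if __name__ == "__main__":
    live = summarize(read_sysfs())
    for name, verdict in live.items():
        print(f"{name:10s} {verdict}")
    print("needs action:", needs_action(live) or "nothing")
```

Run as a script on a Linux host to see the live verdicts; on any other system every issue comes back as "unknown", which is deliberately treated as needing action rather than as safe. Note that a "Mitigation:" entry only says the kernel has enabled a mitigation, not that every application (browsers, JIT runtimes) has its own Spectre fixes.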
Meltdown was independently discovered and reported by three teams:
Spectre was independently discovered and reported by two people:
Jann Horn (Google Project Zero) and
Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)
For more information, see https://spectreattack.com
PoC code:
https://github.com/turbo/KPTI-PoC-Collection
https://github.com/Eugnis/spectre-attack
The researchers' PDF papers on the two vulnerabilities:
Meltdown: https://meltdownattack.com/meltdown.pdf
Spectre: https://spectreattack.com/spectre.pdf