- HOW TO UPDATE GOOGLE CHROME DUE TO SPECTRE AND MELTDOWN ANDROID
- HOW TO UPDATE GOOGLE CHROME DUE TO SPECTRE AND MELTDOWN SOFTWARE
Windows, MacOS, Linux and Android have lately released patches that is now widely known as “KAISER”. The objective of this case study is to help us boost information gathering on our target. In this case, my AMD A6 processor is vulnerable (you will know if your vulnerable on the attack if you will be experiencing the same output). This image displays a secret message from a set of custom target address. Spectre came from the side effect of speculative execution that induces victims to perform speculative operations that would not occur during correct program execution and can result on the leaking of confidential information via a side channel to the adversary. The side channel or what they refer as side channel attack occurs when some electronic circuit is inherently leaky that they produce emission (in this case heat and electromagnetic emission) that is a feasible source of information for an attacker. Side channel plays a big part of this attack. The speculative execution is an optimization technique where the computer system performs some task but that may be discarded later if not needed. Branch prediction or predictor function improves the flow on the instruction pipe. Meltdown in action on an AMD A6 seems to be not working but it is too early to conclude due to the lack of OoOE execution feature of the processor.Īnother part of our modern processor is the using of the branch prediction and the speculative execution to maximize the performance. Meltdown breaks the security assumptions given by the address space that is isolated in this case including well paravirtualized environments (virtual machines) and every security mechanism built on this foundation.
HOW TO UPDATE GOOGLE CHROME DUE TO SPECTRE AND MELTDOWN SOFTWARE
This vulnerability that allows the independent operation on its operating system means that it will work on any platform and would not rely on any software vulnerability. The attacker would take the advantage of the OoOE side effect and leak the victims’ physical memory. The side effect of OoOE is the cause of the meltdown which caused the reading on the arbitrary kernel memory locations that includes personal data and passwords. Most of our microprocessors are using Out Of Order Execution (OoOE) - a paradigm used on high-performance microprocessors to make use of instruction cycles. This vulnerability is named as Meltdown and Spectre. When it is executed, it acts as a covert channel then it will leak the victim’s memory or register contents. Also, it includes physical memory all mapped on the kernel and at a high level, violates memory isolation boundaries by combining speculative and data exfiltration on micro-architectural covert channel that the attacker starts on locating the sequence of instructions within the victim’s address process space. The effects were that the attacker allows the overcoming of memory isolation by just providing a way on any user process to read the kernel (in this case it’s the entire kernel) memory of our machine it executed. Most of our modern computer system relies on memory isolation where kernel address range is marked as non-accessible and protected by user access.Įarly this January 2018, Google Project Zero disclosed a vulnerability that affects almost all modern CPU’s today. Sometimes it could lead to the redesigning if it’s hardware architecture. Unlike software, it is not that easy to come up with a solution for hardware vulnerability. This case study illustrates that the attack that occurs on hardware could lead into catastrophic effect on our privacy that will quite hunt us. We always encounter attacks that relies on software vulnerabilities, but in a matter of short period of time, it would eventually be patched up by the vendors.
0 kommentar(er)
