Mitigating Iguana Meltdown and Spectre Vulnerabilities

Introduction

Meltdown and Spectre exploit hardware vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.

Meltdown: Can be used to read sandboxed private kernel memory from an unprivileged user process. Spectre: Can be used to extract info from other running processes

Issue [top]

Meltdown and Spectre can be used to steal data that is processed on a computer.

Cause [top]

Meltdown:
  • You are affected if you have an Intel processor released since 1995 with the exception of Itanium and pre-2013 Atoms. A list of vulnerable ARM processors and mitigations is listed https://developer.arm.com/support/security-update. No AMD processors were affected.
  • The operating system is responsible for process management and access privileges:

    Iguana is just one of these processes. It is not possible to patch Iguana to fix this.

Spectre:
  • You could be affected to a degree if you are running Intel, ARM, or AMD processors.
  • This post has the specifics https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
  • One of the more prominent exploits could be stealing login cookies from your browser:

    Iguana is just a running process, and you interact with it via your browser. It is not possible to patch Iguana would to prevent this exploit.

Solution [top]

Meltdown:
  • In order to mitigate any risk exposed by this exploit, update your operating system by downloading all recent updates:

    All operating systems (Windows/Linux/macOS) have had patches released since this exploit was found that should protect you. Make sure you download them.

  • If you are running Windows Server, supposedly you need to enable “kernel-user space splitting” after the updates are installed.
Spectre:
  • All major browser vendors have issued patches already update your browsers:

    Everybody has said it doesn’t make it impossible for it to still happen but they have made it exponentially more difficult.

Prevention [top]

Ensure you are running the version of your operating system, and the latest version of your web browser.

 

Tagged: