Two new variants of the Meltdown and Spectre vulnerabilities that can allow an attacker to gain access to sensitive information have been found.
Google and Microsoft announced that the new variants, known as Meltdown 3a and Spectre 4, affect the CPU hardware implementations, making them vulnerable to side-channel attacks.
Cybersecurity researchers reported the issue after finding a new way to attack microprocessors while testing speculative execution behavior on Intel and AMD processors.
Meltdown is a bug that ‘melts’ the security boundaries usually enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that a hacker can exploit to force a CPU to reveal its data.
Once a code runs locally on a victim’s computer, highly skilled hackers have many tools at their disposal to expand their control and take over the machine. What made Meltdown/Spectre special was its universal nature in both working on many computers and being used in many different scenarios on a given computer.
We said it before, and we are saying it now: anything can be hacked and almost every app has flaws. Remember that it is essential for every user and company to add extra measures of cybersecurity. Every user must use only the best cybersecurity solution like an antivirus for Windows or antivirus for Mac depending on which OS their device is running. Also, every company must go an extra step to obtain the best cybersecurity measure; this can be done by hiring a cybersecurity firm that will attack purpose the company’s network of revealing its most destructive and dangerous flaws.
This kind of deliberate attacks is done through specialized cybersecurity tests like penetration test and ethical hacking tests.
The vulnerabilities were assigned Common Vulnerability Exposure numbers. Variant 3a, a rogue system register read, was assigned CVE-2018-3640 while Variant 4, known as Speculative Store Bypass (SBB), was assigned CVE-2018-3639. Variant 4 affects a narrow scope of specific unpatched browsers’ private data.
If a hacker has access to run code on a machine, there are already some more straightforward techniques to try before resorting to this which it’s far from the wide implications of the original Spectre and because of this Intel calls the new variants a Medium threat.
The more commonly used a vulnerability is, the more it helps hackers simplify their process; because, the easier it becomes for non-skilled hackers to compromise more computers.
In an industry where people are trained to expect speed, it’s not uncommon to see the vast majority of people choose speed over cybersecurity. The speed of the chips inside our personal computers, our tablets, and our phones are critical to their performance. In this case, the vulnerabilities take advantage of the very features that make them fast.
In their security advisory, Microsoft wrote, “At the time of publication, we are not aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate.”
Because we want you to stay safe and secured in front of all vulnerabilities like this one, we recommend implementing a robust cybersecurity solution into your devices like an antivirus for Windows or antivirus for Mac depending of which OS are your machines running. We also suggested that every company must hire a specialized cybersecurity firm that will perform various tests like a penetration test and various ethical hacking tests on company’s network to reveal if any network flaws are present.
For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.