The CPU will pass you with giblets: the most serious security hole in the entire history of observations?

What happened?

Google researchers have published a study, “Reading privileged memory with a side-channel,” in which they describe a hardware vulnerability they found that affects almost all modern and outdated processors, regardless of the operating system. Strictly speaking, there are two vulnerabilities. One is subject to many Intel processors (they were studied). AMD with ARM are also vulnerable, but the attack is more difficult to implement.

The attack allows access to protected memory from code that does not have the appropriate rights.

Perhaps the most likely and unpleasant application at the moment is getting a system memory dump during the execution of JavaScript.
')
Another interesting option is to escalate memory read permissions from a virtual machine. How do you like a VPS that steals data from other hosts?

The exploitation of the vulnerability leaves no trace.

How serious is this?

It is very serious. The world is divided into "before" and "after." Even if you don’t have a computer at all, some consequences may indirectly catch up with you offline.

How to protect yourself?

Install the latest system and browser updates. If you are not sure that the hole is precisely closed and your system is absolutely safe, it is better to turn off JavaScript even when visiting secure sites - they may be compromised. Some experts believe that it is impossible to completely protect the software programmatically and the only way to solve the problem is to change the processor to an ~~option without asbestos which is~~ known to be safe.

Great news, is that all?

Not all. Judging by the tests, the patches will greatly affect the performance of existing systems. Tests show a drop of 10-30% in some tasks. Yes, yes, you understood correctly, your poppy can become slower forever, and AWS is noticeably more expensive .

Additional data

Be healthy!

Source: https://habr.com/ru/post/346026/

All Articles