Skip Navigation
Oklahoma State University

Meltdown & Spectre Vulnerabilities

What are Spectre and Meltdown?

Security researchers discovered a set of vulnerabilities late in 2017 and publicized them in early 2018. These vulnerabilities were found to be present in nearly every computer chip manufactured in the last 20 years and could, if exploited, allow attackers to get access to data previously considered completely protected. The two major variations of are known as Spectre and Meltdown.
 

How do I prevent malicious programs from using these vulnerabilities? 

The vulnerabilities arise from features built in to chips to help them run faster. Though there are no evidence as of yet that these flaws have been exploited, but due to the nature and widespread potential affect these volnerabilities are seen as catastrophic. Microsoft along with other major developers have created software packages to close these gaps in volnerability. For these patches to be applied computers must be updated and restarted. 
 
 

Here are some useful links on how to update your machine:

Windows: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Apple: https://support.apple.com/en-us/HT208394

 

"Meltdown and Spectre

Vulnerabilities in modern computers leak passwords and sensitive data.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers."  - Meltdownattack.com