Understanding Meltdown and Spectre

posted on Fri, Jan 12 2018 2:58 pm by Jay Haase and Timid Zehta

Meltdown and Spectre vulnerabilities logos

You’ve probably heard or seen at least a few news stories about the most recent technology vulnerabilities, Meltdown and Spectre. These newly discovered hardware issues are pervasive, complex, and very technical. While specifics continue to be finalized, we wanted to provide two explanations that audiences across the board — from tech pros to non-techs — will find useful and accessible.

First, let’s cover the basics.

What are Meltdown and Spectre

A website created by Graz University of Technology, one of the organizations that discovered the vulnerabilities, explains these vulnerabilities and what they can do in a clear way:

“Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud.”

Get More Information About the Vulnerabilities

Experts predict these vulnerabilities will continue to impact us for a long time. Technology isn’t perfect, as we know from previous incidents. The best thing to do is stay informed, and the following articles will help with that.

The Differences Between Meltdown and Spectre

5 minute read

This article, A Simple Explanation of the Differences Between Meltdown and Spectre, provides a very easy to understand comparison with a basic definition of Meltdown and Spectre.

A Non-Technical Explanation

10 minute read

In An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience, the author gives a detailed (and illustrated) explanation of how these two bugs make it possible for an attack to extract information from affected devices.  

 

If you like this content and want to stay in touch, sign up for our newsletter or follow us on social: Twitter, LinkedIn, and Facebook.

 

blog comments powered by Disqus