Cybersecurity researchers have uncovered a security flaw dubbed “Meltdown” in Intel processors that could allow hackers to bypass kernel access protection and directly access private kernel memory. Kernels in operating systems have complete control over the entire system, and connect applications to the processor, memory, and other hardware inside a computer. If hackers find a way in they could potentially exploit security weaknesses, access security keys, passwords, and modify, delete, or corrupt files cached on disk. This security flaw could effect nearly every computer with a 1995 or later Intel processor.
Fortunately, there have been no known exploits at this time.
It is speculated that virtual machines and cloud providers will be most affected by this flaw. Amazon Web Services are pushing a security update today and Microsoft’s Azure will perform maintenance next week.
To protect against this, Linux programmers have been separating the kernel’s memory away from user processes in what’s being called “Kernel Page Table Isolation.” Microsoft programmers have also been working towards separating NT kernel memory in Windows 10 since November and have issued security updates to support versions of Windows Wednesday evening.
SOLUTION: Software updates are required for both Windows and Linux systems. Chrome users need to update their browsers, as do Chrome OS users. Mozilla will also update Firefox browser.
This bug does not effect AMD processors, another processor manufacturer, as explained by Tome Lengacky, an AMD engineer: “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.”
You can watch a video of the Meltdown attack here.