- 10 Jan
Honeywell – Cyber Security Update (Spectre & Meltdown)
Security Notification – Processor Vulnerabilities (Spectre & Meltdown)
Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715) exploit critical vulnerabilities in central processor units (CPU). These vulnerabilities allow an attacker to steal data which is currently processed on the computer. While applications are typically not permitted to read data from other programs, a malicious attacker could exploit Meltdown and/or Spectre to gain secrets stored in the memory of other running programs. This may include passwords stored in a password manager or browser, personal identifiable information, photos, emails, instant messages and even business-critical documents. While the vulnerabilities are significant, and proof of concept exploit code has been released, no known exploits have been found in the wild. Key points include:
- Because Meltdown and Spectre impact Intel, AMD, and ARM processors, all types of systems from desktop, to server, to cloud, to IoT and mobile devices are impacted.
- Windows, Linux, Red Hat, OS X (prior to High Sierra 10.13.2), iOS, and Android are all impacted by these vulnerabilities. OS remediation is to patch.
- These are information disclosure vulnerabilities that could allow an attacker to gain information about the target system.