loading...

re: Processor Security Flaws VIEW POST

FULL DISCUSSION
 

This has to be the worst vulnerability I've ever heard of. It takes advantage of a layer between apps and data that users expect to be totally secure.

 

I wonder if it has been exploited by someone before it became widely known. How likely is it that black hats/govts could know about it and use it secretly?

 

From the Reuters article:

Speaking on CNBC, Intel’s Krzanich said Google researchers told Intel of the flaws “a while ago” and that Intel had been testing fixes that device makers who use its chips will push out next week. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on Jan. 9. Google said it informed the affected companies about the “Spectre” flaw on June 1, 2017 and reported the “Meltdown” flaw after the first flaw but before July 28, 2017.

I haven't heard of any exploits in the wild yet. Although, keeping vulnerabilities secret to use as zero-day attacks is the standard operating procedure of the NSA. And if the NSA knows about it, black hats probably know about it too. I would actually be surprised if that wasn't the case.

Code of Conduct Report abuse