Meltdown & Spectre
What’s the problem?
In many processors, unauthorized memory access is possible during speculative execution of code. Under certain circumstances, this vulnerability can be exploited by malicious code. Such code can also originate from JavaScript executed in the user’s browser, or from other virtual servers in the cloud. In a blockchain, the potential threat comes from scripts executed to carry out transactions (e.g. Bitcoin (un)locking scripts, Chaincode by HyperLedger).
How long have we known about the issue?
Google and Graz University of Technology have known about the issue since the summer of 2016.
Have Spectre and Meltdown already been exploited?
It’s possible. However, to the best of our knowledge, no exploits have yet come to light.
Have there been similar issues in the past?
Intel had a problem with its processors in 2012 (http://www.kb.cert.org/vuls/id/649219), but not on the same scale. These issues are usually dealt with secretly until patches are available. In the case of Spectre and Meltdown, the issues came to light before the planned patch day (9.1.18).
What can be done?
Patch the operating system of all devices with affected processors.
Where can I find more information?
More information can be found here:
- Meltdown Attack: meltdownattack
- Heise Online: http://bit.ly/2mb4cy3
