Security at Risk | Flaws in Microprocessors | Spectre and Meltdown

What are Spectre And Meltdown?

The security of computer systems fundamentally relies on memory isolation: for example, kernel address ranges are marked as non-accessible and are protected from user access.
Meltdown and Spectre are vulnerabilities in modern processors that undermine this isolation and can leak passwords and other sensitive data.


Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.



Spectre and Meltdown exploit only flaws in the design of your device’s microprocessor.

Who reported Meltdown?

Meltdown was independently discovered and reported by three teams:
  • Jann Horn (Google Project Zero),
  • Werner Haas, Thomas Prescher (Cyberus Technology),
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)

Who reported Spectre?

Spectre was independently discovered and reported by two people:
  • Jann Horn (Google Project Zero) and
  • Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)

What is caching?

A cache is an area of a computer’s memory devoted to temporarily storing recently used information so that it can be read again quickly. A cache hit occurs when the requested data can be found in the cache, while a cache miss occurs when it cannot.
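To make hits, misses and evictions concrete, here is a toy direct-mapped cache simulator. It is an added example, not code from the original page; the geometry (64-byte lines, 8 slots) and the access trace are constructed for illustration and do not describe any real CPU. The point for this page is that whether a given line is present or absent in the cache is state that survives after an access, which is what the Spectre and Meltdown timing side channels observe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy direct-mapped cache. The geometry below is an assumption chosen
 * for illustration, not the layout of any real CPU cache. */
#define LINE_SIZE 64   /* bytes per cache line */
#define NUM_LINES 8    /* lines in the cache; each address has exactly one slot */

typedef struct {
    int valid;         /* 1 once the line has been filled */
    uint64_t tag;      /* identifies which memory line currently lives here */
} cache_line_t;

typedef struct {
    cache_line_t lines[NUM_LINES];
    unsigned hits;
    unsigned misses;
} cache_t;

void cache_init(cache_t *c) { memset(c, 0, sizeof *c); }

/* Access one byte address. Returns 1 on a cache hit, 0 on a miss.
 * A miss fills the line, evicting whatever previously mapped to that slot. */
int cache_access(cache_t *c, uint64_t addr)
{
    uint64_t line_no = addr / LINE_SIZE;            /* which 64-byte memory line */
    unsigned slot = (unsigned)(line_no % NUM_LINES); /* the one slot it may occupy */
    uint64_t tag = line_no / NUM_LINES;             /* distinguishes lines sharing a slot */
    cache_line_t *l = &c->lines[slot];

    if (l->valid && l->tag == tag) {
        c->hits++;
        return 1;
    }
    l->valid = 1;
    l->tag = tag;
    c->misses++;
    return 0;
}

/* Replay an access trace, returning the number of hits. */
unsigned run_trace(cache_t *c, const uint64_t *addrs, size_t n)
{
    unsigned hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (unsigned)cache_access(c, addrs[i]);
    return hits;
}

int main(void)
{
    /* Constructed trace: two bytes in the same line, a neighbouring line,
     * a repeat of the first line, then an address that maps to the same slot
     * as 0x1000 and evicts it (0x3000/64 = 192 and 192 % 8 == 0, like 0x1000),
     * so the final access to 0x1000 misses again. */
    const uint64_t trace[] = { 0x1000, 0x1008, 0x1040, 0x1000, 0x3000, 0x1000 };
    cache_t c;
    cache_init(&c);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("access 0x%04llx -> %s\n", (unsigned long long)trace[i],
               cache_access(&c, trace[i]) ? "hit" : "miss");
    printf("hits=%u misses=%u\n", c.hits, c.misses);
    return 0;
}
```

Running the trace gives 2 hits and 4 misses: the fourth miss is a conflict miss caused purely by another address mapping to the same slot, which is why cache state reveals which addresses were touched recently.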


How does Meltdown work?


Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

How does Spectre work?

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
Luckily, there are software patches against Meltdown.

You can download them from here
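Whether those operating-system patches are actually active on a given Linux machine can be read from the kernel's sysfs interface, which exposes one file per issue under /sys/devices/system/cpu/vulnerabilities/ (for example meltdown, spectre_v1 and spectre_v2). The following checker is an added example, not code from the page; it classifies the status lines the kernel writes there ("Not affected", "Mitigation: ...", "Vulnerable[: ...]") and falls back to constructed sample lines when the files are absent so that it also runs on non-Linux hosts.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    STATUS_NOT_AFFECTED,  /* CPU is not subject to this issue */
    STATUS_MITIGATED,     /* kernel reports an active mitigation */
    STATUS_VULNERABLE,    /* affected and no (complete) mitigation active */
    STATUS_UNKNOWN        /* file absent or an unrecognised line */
} vuln_status_t;

/* Classify one status line in the format the Linux kernel writes to
 * /sys/devices/system/cpu/vulnerabilities/<name>. Anything that is not a
 * recognised prefix (including a missing file) is reported as unknown
 * rather than silently treated as safe. */
vuln_status_t classify_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return STATUS_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return STATUS_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return STATUS_VULNERABLE;
    return STATUS_UNKNOWN;
}

const char *status_name(vuln_status_t s)
{
    switch (s) {
    case STATUS_NOT_AFFECTED: return "not affected";
    case STATUS_MITIGATED:    return "mitigated";
    case STATUS_VULNERABLE:   return "VULNERABLE";
    default:                  return "unknown";
    }
}

/* Read the live sysfs file for one issue into buf. On non-Linux hosts or
 * kernels without the interface the file is absent and we return unknown. */
vuln_status_t read_sysfs_status(const char *name, char *buf, size_t buflen)
{
    char path[256];
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) {
        snprintf(buf, buflen, "(not present)");
        return STATUS_UNKNOWN;
    }
    if (!fgets(buf, (int)buflen, f))
        buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';   /* drop the trailing newline */
    return classify_status(buf);
}

/* Number of status lines that still read "Vulnerable". */
size_t count_vulnerable(const char *const *lines, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_status(lines[i]) == STATUS_VULNERABLE)
            count++;
    return count;
}

int main(void)
{
    static const char *const names[] = { "meltdown", "spectre_v1", "spectre_v2" };
    /* Constructed sample lines in the sysfs format, used so the example
     * produces output offline; they describe no real machine. */
    static const char *const sample[] = { "Mitigation: PTI", "Vulnerable", "Not affected" };
    size_t n = sizeof names / sizeof names[0];
    char buf[256];

    printf("constructed sample:\n");
    for (size_t i = 0; i < n; i++)
        printf("  %-10s %-13s %s\n", names[i], status_name(classify_status(sample[i])), sample[i]);
    printf("  %zu of %zu entries still vulnerable\n", count_vulnerable(sample, n), n);

    printf("this host:\n");
    for (size_t i = 0; i < n; i++) {
        vuln_status_t s = read_sysfs_status(names[i], buf, sizeof buf);
        printf("  %-10s %-13s %s\n", names[i], status_name(s), buf);
    }
    return 0;
}
```

Treating an unrecognised or missing line as "unknown" rather than "mitigated" is deliberate: an absent file usually means an old kernel that predates the interface, which is exactly the case where the patches are least likely to be present.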

Spectre and Meltdown are the names given to a trio of variations on a vulnerability that affects nearly every computer chip manufactured in the last 20 years. The flaws are so fundamental and widespread that security researchers are calling them catastrophic.

The flaws, if exploited, allow attackers to access data previously considered completely protected. Security researchers discovered the flaws late in 2017 and publicized them in early 2018. Technically, there are three variations on the vulnerability, each given its own CVE number; two of those variants are grouped together as Spectre and the third is dubbed Meltdown.

Now you might be wondering: what is a CVE number?

CVE stands for Common Vulnerabilities and Exposures. It is a program launched in 1999 by MITRE, a nonprofit that operates research and development centers sponsored by the federal government, to identify and catalog publicly known vulnerabilities in software and firmware in a free “dictionary” that organizations can use to improve their security.

Can hackers use the CVE to break into networks?


The short answer is yes, but MITRE and the CVE board contend that the benefits of CVE outweigh the risks:

  • CVE lists only publicly known vulnerabilities and exposures, which means skilled hackers likely know about them anyway.
  • It takes much more work for an organization to protect its networks and fix all possible holes than it takes for a hacker to find a single vulnerability, exploit it, and compromise the network.
  • There is growing agreement in the infosec community that sharing information is beneficial. This is reflected in the fact that the CVE Board and CNAs include key infosec organizations.


    Exploiting Speculative Execution.

    At a high level, Spectre attacks trick the processor into speculatively executing instruction sequences that should not have executed during correct program execution. As the effects of these instructions on the nominal CPU state will be eventually reverted, we call them transient instructions. By carefully choosing which transient instructions are speculatively executed, we are able to leak information from within the victim’s memory address space.
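The "safety check that increases the attack surface" is the ordinary bounds check: architecturally it never lets an out-of-range index through, but while the comparison is unresolved the processor may predict the branch as taken and transiently perform the load with an index that would fail the check. The software fix for this variant is to make the index safe without relying on the branch. The example below is added here and is not code from the page or from the Spectre paper; array1 and its contents are constructed, and the mask helper is modelled on the approach of the Linux kernel's array_index_mask_nospec() (the kernel's actual implementation differs in detail).

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table with a bounds-checked accessor. */
#define ARRAY1_SIZE 16
static const uint8_t array1[ARRAY1_SIZE] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
};

/* Branch-only bounds check. Architecturally this never reads out of bounds,
 * but while the comparison is unresolved the CPU may predict the branch as
 * taken and transiently execute the load with an out-of-range index. */
uint8_t lookup_plain(size_t index)
{
    if (index < ARRAY1_SIZE)
        return array1[index];
    return 0;
}

/* Mask that is all ones when index < size and zero otherwise, computed with
 * arithmetic only so that no branch is involved. Assumes size <= SIZE_MAX/2,
 * which holds for any real array. The top bit of (index | (size - 1 - index))
 * is set exactly when index >= size (the subtraction wraps to a huge value). */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
#if defined(__GNUC__)
    /* Stop the compiler from folding the mask away because of the earlier
     * branch; it does not reason about index's value under speculation. */
    __asm__ __volatile__("" : "+r"(index));
#endif
    size_t out_of_range = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return out_of_range - 1;   /* 0 - 1 = all ones (in range), 1 - 1 = 0 */
}

/* Index after clamping: unchanged when in range, forced to 0 otherwise. */
size_t clamp_index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* Hardened accessor: even on a mispredicted path the load only ever sees an
 * in-range index, so no out-of-bounds byte can be pulled into the cache. */
uint8_t lookup_masked(size_t index)
{
    if (index < ARRAY1_SIZE) {
        index = clamp_index_nospec(index, ARRAY1_SIZE);
        return array1[index];
    }
    return 0;
}

int main(void)
{
    const size_t probes[] = { 0, 7, 15, 16, 1000, SIZE_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("index %zu -> clamped %zu, plain %u, masked %u\n",
               probes[i], clamp_index_nospec(probes[i], ARRAY1_SIZE),
               lookup_plain(probes[i]), lookup_masked(probes[i]));
    return 0;
}
```

Both accessors return identical results for every input; the difference is only in what the processor can do before the branch resolves. This masking addresses the bounds-check-bypass variant in a program's own code; it does nothing for the branch-target-injection variant or for Meltdown, which need the operating-system and microcode patches discussed above.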

    Attacks using Native Code.

    We created a simple victim program that contains secret data within its memory access space. Next, after compiling the victim program we searched the resulting binary and the operating system’s shared libraries for instruction sequences that can be used to leak information from the victim’s address space. Finally, we wrote an attacker program that exploits the CPU’s speculative execution feature in order to execute the previously-found sequences as transient instructions.

    Attacks using JavaScript.

    In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code.