Special Alerts
Meltdown and Spectre Attacks
Sunday, 07 January 2018 00:00

Description:
"Meltdown" and "Spectre" are attacks that exploit hardware vulnerabilities in modern processors. "Meltdown" allows attackers to read arbitrary kernel memory or arbitrary physical memory of the target machines. "Spectre" allows attackers to trick an application into leaking sensitive information stored in memory.


CVE Numbers:
CVE-2017-5753/CVE-2017-5715/CVE-2017-5754

Systems Affected:
Any system with a processor that allows memory reads in out-of-order instructions and that runs an unpatched operating system is potentially affected by Meltdown. These systems may be desktop, laptop, and cloud computers.

Any system with a processor that performs speculative execution from branch prediction is potentially vulnerable to Spectre. These systems may be desktops, laptops, cloud servers, and smartphones.

Prevention:
Users are advised to apply the available security patches to all affected devices:

  • Windows: Microsoft has released a security update and issued guidance to mitigate these vulnerabilities.
  • macOS: Apple had already fixed most of these security holes in macOS High Sierra 10.13.2 last month, but macOS 10.13.3 will enhance or complete these mitigations.
  • Linux: Linux kernel developers have also released patches that implement kernel page-table isolation (KPTI), which moves the kernel into an entirely separate address space.
  • Android: Google has released security patches for Pixel/Nexus users as part of the Android January Security Patch Update.  Other users have to wait for their device manufacturers to release a compatible security update.
  • Firefox Web Browser: Mozilla has released Firefox version 57.0.4 which includes mitigations for both Meltdown and Spectre timing attacks. Users are advised to update their installations as soon as possible.
  • Google Chrome Web Browser: Google has scheduled the patches for Meltdown and Spectre exploits on January 23 with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks.
  • VMware: VMware has released a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks.
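To confirm that the Linux patches listed above are active after updating, the kernel's own status report can be read per CVE. This is an added example, not part of the original alert; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (Linux 4.15 and later, or a vendor backport), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the kernel's mitigation status for the three CVEs in this alert.
# Assumption: the kernel provides the sysfs directory below; older kernels do not.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <status line>: prints OK, MITIGATED, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_cpu_vulns [dir]: prints one line per CVE; returns 1 if any entry is
# vulnerable or cannot be determined, 0 otherwise.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in "CVE-2017-5753:spectre_v1" \
                "CVE-2017-5715:spectre_v2" \
                "CVE-2017-5754:meltdown"; do
        cve=${pair%%:*}
        file=${pair#*:}
        if [ -r "$dir/$file" ]; then
            status=$(head -n 1 "$dir/$file")
            verdict=$(classify_status "$status")
        else
            # A missing entry means the kernel predates the reporting interface,
            # which is itself a sign that the patches are not installed.
            status="no sysfs entry"
            verdict=UNKNOWN
        fi
        case "$verdict" in
            OK|MITIGATED) ;;
            *) rc=1 ;;
        esac
        printf '%s %-10s %-10s %s\n' "$cve" "$file" "$verdict" "$status"
    done
    return $rc
}
```

Source the file and call `check_cpu_vulns` with no argument on a live host; a non-zero return means at least one of the three issues is unmitigated or unreported by the running kernel.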


Reference:
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://thehackernews.com/2018/01/meltdown-spectre-patches.html
https://www.kb.cert.org/vuls/id/584653

WPA2 Key Reinstallation Vulnerabilities

Description:
Key reinstallation attacks or "KRACK" attacks were reported in the WPA2 Wi-Fi protocol. An attacker within range of an affected AP and client may be able to conduct attacks including arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

CVE Numbers:
CVE-2017-13077: Reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: Reinstallation of the group key in the Four-way handshake
CVE-2017-13079: Reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: Reinstallation of the group key in the Group Key handshake
CVE-2017-13081: Reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame


Systems Affected:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any Wi-Fi device that uses WPA2 is likely affected.

Mitigation:
1. Users are advised to install updates on affected devices as they become available, or to contact their vendors directly for update information.

Reference:
https://www.krackattacks.com/
http://www.kb.cert.org/vuls/id/228519

 