Spectre & Meltdown

Processor Security Flaw

Odoo CMS- Sample image floating

     Almost every processor made since 1995 is susceptible to the Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnerability.  The vulnerability could allow attackers to steal sensitive data being processed on computers using the Intel, ARM and AMD chips.  The attacks takes advantage of a feature in microprocessor chips know as "speculative execution," which is how most modern CPU's tend to optimize performance.

     Cloud service providers like Microsoft, Amazon, AWS, and Google have already updated their infrastructure with fixes, however, users are still strongly recommended to apply the latest patches to their guest environment or their computers.  Patches for the Meltdown have already been issued for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux.  Spectre, involves two known attack strategies and is more difficult to patch.  Because of the difficulty in actually implementing real world attacks utilizing the Spectre and Meltdown flaw there has been no known widespread use of the flaws yet.   But, motivated attackers could develop efficient techniques for exploitation in the future.