|
Chip manufacturers have disclosed vulnerabilities in their software that
can lead to unauthorized disclosure of sensitive information. The vulnerability exists in
workstations, servers, cloud computing environments, and mobile devices.
The vulnerabilities are the result of a software coding technique called speculative execution.
With speculative execution, the software attempts to anticipate upcoming actions or tasks.
By anticipating the next step, the software can do work before the task is needed and reduce response time
delays. If the actions are not needed, the results are ignored.
Two specific vulnerabilities, Meltdown (Intel chips) and Spectre (AMD and Arm chips), can allow a hacker
to steal information stored in the memory of a chip including passwords, e-mail messages, and other sensitive
information. The vulnerabilities may also allow a hacker to circumvent or weaken other security features.
What you should do
Organizations should apply security updates per their Patch Management Policy.
Updates should be tested before installing patches in production environments. Devices to be patched include:
- Workstations
- Servers
- Mobile Devices
In addition to addressing vulnerabilities in their internal environment, organizations should contact their
third party service providers to:
- Ensure they are deploying patches in a timely manner
- Identify any downtime requirements
On an annual basis, engage
the services of an outside security auditor to perform a network security audit.
The security audit evaluates the effectiveness
and sufficiency of the organization's technical
safeguards, physical safeguards, and
administrative safeguards.
Security Blog menu
Tags: chip security vulnerabilities |
intel chip vulnerability |
amd chip vulnerability | arm chip vulnerability
|
