Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks

Discussion in 'Tech news' started by silversurfer, Jan 4, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    Mozilla has officially confirmed that the recently disclosed Meltdown and Spectre CPU flaws can be exploited via web content such as JavaScript files in order to extract information from users visiting a web page.

    Meltdown and Spectre are two vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995, impacting CPUs deployed in desktops, laptops, servers, smartphones, smart devices, and cloud services.

    Researchers say that attackers can use the two flaws to read data from a computer's kernel memory (Meltdown), but also data handled by other apps (Spectre).

    More precisely, Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."

    daljeet, Der.Reisende and RGiskardR like this.
  2. Google Adsense

Share This Page