Meltdown-Spectre: Malware is already being tested by attackers PDF Print E-mail
Written by Administrator   
Thursday, 01 February 2018 18:15
Meltdown-Spectre: Malware ChartGerman antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs. "So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754," the company wrote on Twitter. The company has posted SHA-256 hashes of several samples that a check on Google's VirusTotal indicates is being detected by some antivirus engines. Since Google disclosed the Meltdown and Spectre attacks on January 3, operating system vendors, chip makers, and browser makers have released patches to mitigate the three types of speculative side-channel attacks. Google's Chromium developers assessed that the attacks could impact browsers that support JavaScript and WebAssembly when executing externally code from a website. As Apple noted after issuing its patches, the Spectre attacks are extremely difficult to exploit, even if a malicious app is running locally on a macOS or iOS device. However, the attacks can be exploited in JavaScript running in the browser. A successful attack could expose passwords and other secrets. For the complete details of this important story, visit OUR FORUM.