Meltdown & Spectre: AWS, Azure & GCP Take Measures To Protect Cloud Customers

Posted January 05, 2018

Also, given that the above threats relates to the design architecture that the chips follow, there is going to be changes needed to the way the OS interacts with the chip to ensure a thorough prevention mechanism to mitigate the dangers posed by Spectre and Meltdown.

Q&A What can I do about the Meltdown and Spectre flaws?

Meltdown has now only been proven effective against Intel processors, while the Spectre attack can be leveraged against processors from Intel, AMD and ARM.

Devices like Huawei's Mate 10 and Mate 10 Pro, which run on Kirin processors based on chip cores from ARM, could potentially be affected, as could Xiaomi devices such as the Xiaomi Redmi Pro.

Apple and AMD did not immediately respond to requests for comment. "Intel believes these exploits do not have the potential to corrupt, modify or delete data".

Stating that the bug had has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices, AWS claimed that "all but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected".

This was to be expected, as Google said yesterday that Spectre is harder to exploit, but also harder to patch.

There's no evidence that bad actors have yet exploited the bugs, but companies from Microsoft to Mozilla said they have worked to patch up vulnerabilities to their operating systems.

However, there are now no known attacks that have exploited these flaws, according to the Google researchers.

The two security flaws have caused issues across the technology industry, leaving tech companies scrambling to push out fixes.

Amazon Web Services (AWS) also said it was made aware of the research around the bug past year, referring to it as a "side-channel analysis of speculative execution on modern computer processors [namely] CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754".

Google meanwhile updating its public cloud service to obviate the Spectre and Meltdown vulnerability told the publication, "We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts". "Hackers could take advantage of the flaw to obtain consumers' passwords". Fixes for Linux and Windows are already available.

In a statement, released by Apple on Thursday, the company announced, "All Mac systems and iOS devices are affected".

The current updates to MacOS and iOS protect against Meltdown, but Apple said it will look to incorporate better protections against Spectre-type attacks in future updates to those operating systems. It urges users to only download software from trusted sources, i.e. the App Store, and has already released 'mitigations against one of the flaws in its latest iPhone and iPad operating system updates.

Security researchers put out information on the critical bugs online.