Vulnerabilities in modern computers leak passwords and sensitive data

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

https://spectreattack.com/


Comments


[3 Points] obtusifolia:

You need a very precise timer to be able to use the exploit with Javascript. The proof of concept was using a SharedBufferArray to act as a timer but it seems like this has been removed from most of the major browsers already. Try typing "new SharedBufferArray(10)" into your Javascript console to check. For me it doesn't work in Tor, Firefox or Chrome, but it does work in Safari. Also I think the Javascript attack vector would only let you access memory of the current process i.e. the memory of the browser. I don't really install new software very often so I'm only really concerned about the Javascript attack vector in terms of my personal machine.


[1 Points] hellfinger:

https://www.reddit.com/r/sysadmin/comments/7ode4s/problems_with_windows_7_quality_rollup_kb4056894/