Update: Meltdown and Spectre show breadth of cyber risks
Security experts weigh in on possible implications of newly discovered security flaws
Meltdown and Spectre vulnerabilities prove the IT industry needs to grasp the ability of advanced threat techniques to scale across all of the computing platforms, impacting both corporate and consumer domains at the same time, a security expert has said.
Steve Grobman, CTO of McAfee, said the disclosure reveals that the scope of implications extends beyond just PCs to servers, cloud, mobile and IoT platforms, and beyond one vendor’s CPU platform to those of multiple vendors. “These methods attack the foundational modern computer building block capability that enforces protection of the OS from applications, and applications from one another. Businesses and consumers should update operating systems and apply patches as soon as they become available,” Grobman said.
Last week, we reported on two security flaws, ‘Meltdown’ and ‘Spectre’ detected in micro-processors which require emergency patches for Windows and other systems. Spectre affects Intel, AMD and ARM processors, while the Meltdown flaw only affects Intel processors.
Security researchers for Google described the security flaws as "serious" and could result in the theft of data.
Tabrez Surve, regional director for F5 Networks said the hardware and software security flaws exposed by the Meltdown and Spectre bugs highlight the importance of robust application security. “Applications are now the gateway to our data, and wherever they go, so too should the corresponding protection. Having the right solutions in place not only minimises risk, but safeguards networks, applications and intellectual property from malicious attacks,” Surve added.