如何应对Meltdown和Spectre处理器安全漏洞

最近Intel的CEO开始不寻常地疯狂卖股票,原因竟然是……

最近由Intel和处理器竟然有非常严重的安全漏洞Meltdown,不过还有个漏洞Spectre几乎所有Intel、AMD、ARM的处理器都有,这个是无法避免的,不过它难以利用。不过Meltdown危害性就大了,软件可以通过该硬件漏洞访问系统内存,窃取隐私信息。

安全漏洞相关信息

Meltdown

(CVE-2017-5754)

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre

(CVE-2017-5715/CVE-2017-5753)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.

现状

全世界计算机几乎都将会受到影响

Windows

系统已经发布更新,但是速度会变慢5%-20%。

系统版本 链接
Windows 10 1709 KB4056892
Windows 10 1703 KB4056891
Windows 10 LTSB 2016 KB4056890
Windows 8.1 with Update KB4056898
Windows 7 SP1 KB4056897

Linux

只需要更新到最新内核即可修复漏洞,性能仍然会受到影响。

MacOS

已经发布了修补补丁,只需安装即可(MacOS 10.13.3 High Sierra),性能仍会受到影响

本文距离最后一次更新已超过180天,部分内容可能会随着时间的推移变更或失效。

仅有 1 条评论
  1. snake

    影响性能还是算了吧......

    snake | | Windows 7 x64 Edition | Google Chrome 63.0.3239.132

此处无声胜有声