
Meltdown and Spectre

Hi

Meltdown and Spectre are 2 security vulnerabilities in a processor that can allow an attacker to read other processes' memory and kernel memory.

It can be used with JavaScript to access memory from the web browser. It can be used in a container or a VM to access other containers'/VMs' memory.

Is Intercept X tested against these attacks?

Best regards



Hi OLIVIERMIOSSEC,

It is important to understand that the 3 recently discovered vulnerabilities in processor hardware (collectively called Spectre and Meltdown) do not lead to remote code execution. Instead, when used correctly, these vulnerabilities offer information disclosure.
Attackers who want to leverage these vulnerabilities must either craft a malicious web page that runs in the web browser or introduce malware on the endpoint of the victim. Whichever the case, code must be introduced on the endpoint and the delivery can be blocked by even traditional security methods including anti-virus and web filtering.

Although the vulnerabilities are not abused at this time, browsers like Internet Explorer, Edge and Firefox have already received updates to thwart the potential attack vector via the browser.

Sophos Intercept X removes or defends against the attack vectors used by hackers and malware to infect the endpoint with malware. As the new hardware vulnerabilities do not offer code execution, attack vectors other than via the web browser will involve having to compromise the endpoint with malware first before an attacker can leverage a hardware vulnerability. If the attacker abuses another vulnerability in e.g. the browser, Flash or Office, before or after abusing the hardware bugs, Sophos Intercept X will thwart this attack chain without requiring prior knowledge of the attack.

Other than proof-of-concepts and vulnerability tests, we do not expect that the hardware vulnerabilities are going to be abused in large scale attacks to infect or steal credentials from endpoints. Even though there are no prevalent attacks that abuse the hardware vulnerabilities, Sophos has sent out updates to detect use of proof of concept code in applications or web content.

Hope this helps.

Mark Loman
Director, Engineering Next-Gen Technologies
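The reply above points to browser and operating-system updates as the fix for the hardware bugs themselves, with endpoint protection covering the delivery of exploit code. The check a practitioner wants next is whether a given host has actually received those fixes. The script below is an added example, not part of the thread and not Sophos code: on Linux (kernel 4.15 and later) it reads the kernel's own verdict from the per-issue files under /sys/devices/system/cpu/vulnerabilities/ and flags any entry that still reports "Vulnerable". The sample directory it can build for demonstration is constructed here; its status strings are assumptions about the wording a kernel prints, not output captured from a real host, and the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Sophos thread): report the Linux kernel's own
# view of Meltdown/Spectre mitigation. Since 4.15 the kernel exposes one file
# per issue under /sys/devices/system/cpu/vulnerabilities/, each reading
# "Not affected", "Vulnerable[: detail]" or "Mitigation: detail".

SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE
# Prints ok|vulnerable|unknown and returns 0|1|2 respectively.
classify_status() {
  case "$1" in
    "Not affected"*) echo ok; return 0 ;;
    "Mitigation:"*)  echo ok; return 0 ;;
    "Vulnerable"*)   echo vulnerable; return 1 ;;
    *)               echo unknown; return 2 ;;
  esac
}

# report_dir DIR
# Prints one line per entry (name, classification, raw kernel string).
# Returns 1 if any entry is Vulnerable, 2 if DIR is missing (kernel predates
# the sysfs interface, so nothing can be concluded), otherwise 0.
report_dir() {
  dir=$1
  if [ ! -d "$dir" ]; then
    echo "$dir not present: kernel predates the sysfs interface, status unknown" >&2
    return 2
  fi
  rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    status=$(cat "$f")
    class=$(classify_status "$status") || true   # keep looping under set -e
    printf '%-12s %-10s %s\n' "$(basename "$f")" "$class" "$status"
    if [ "$class" = vulnerable ]; then rc=1; fi
  done
  return "$rc"
}

# make_sample_dir MODE
# Builds a CONSTRUCTED stand-in for the sysfs directory so the report can be
# exercised on a machine without one. MODE=mitigated writes three mitigated
# entries; any other MODE leaves spectre_v2 reporting Vulnerable. The strings
# are assumed kernel wording for illustration, not captured output.
make_sample_dir() {
  d=$(mktemp -d)
  printf 'Mitigation: PTI\n' > "$d/meltdown"
  printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
  if [ "$1" = mitigated ]; then
    printf 'Mitigation: Full generic retpoline\n' > "$d/spectre_v2"
  else
    printf 'Vulnerable\n' > "$d/spectre_v2"
  fi
  echo "$d"
}

# Run against this host's live sysfs (or a directory given as $1) when
# executed directly; the exit status follows report_dir, so a non-zero
# result from a cron job or fleet check means "not fully mitigated".
report_dir "${1:-$SYSFS_VULN_DIR}"
```

Run it as `sh spectre_status.sh` on each host, or with `sh spectre_status.sh "$(make_sample_dir mixed)"` style invocations from another script to see the failure path. Two caveats for the container and VM case raised in the question: inside a VM the guest kernel only reports what the hypervisor exposes to it, so the hypervisor host needs the same check, and on Windows the equivalent is Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings), which reports both the OS and the firmware/microcode side of the mitigation.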
