Meltdown and Spectre - Explained

Meltdown and Spectre are vulnerabilities in modern computers that leak passwords and sensitive data.

The talk of the town is about a newly discovered form of a security threat -Meltdown and Spectre that involves attackers exploiting common features of modern microprocessors that power almost every gadget like our computers, tablets, smartphones etc.

It’s not a physical problem with the CPUs themselves or a plain software bug you might find in an application like Word or Chrome. It’s in between, at the level of the processors’ “architectures,” the way all the millions of transistors and logic units work together to carry out instructions.

In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.


The vulnerability basically melts security boundaries which are normally enforced by the hardware.That is why it is called as Meltdown.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.


The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.


Post a Comment