According to Mozilla, "Meltdown and Spectre are remotely exploitable by embedding attack code in mundane JavaScript files delivered via web pages".
Meltdown Summary
What is it?
How does it work?
Who is affected?
Google Project Zero Meltdown & Spectre Research: https://googleprojectzero.blogspot.my/2018/01/reading-privileged-memory-with-side.html
What are the possible exploit scenarios?
Possible Meltdown Attacks
1. Privilege Escalation
Meltdown is a read-only threat that does not allow arbitrary code execution; its impact and risk come from the ability to retrieve sensitive data from arbitrary memory addresses.
As a result, any attacker who can execute a user process on an unpatched system can dump memory from nearly the entire physical memory and gain credentials for privilege escalation.
2. Container/Paravirtualization Hypervisor Escape
Because data can be retrieved from arbitrary physical memory addresses, confidential data in hypervisor containers can be leaked. Corporations that use cloud services running in virtual operating systems hosted within hypervisors are a major cause for concern.
Spectre Summary
What is it?
How does it work?
Who is affected?
Google Project Zero Meltdown & Spectre Research: https://googleprojectzero.blogspot.my/2018/01/reading-privileged-memory-with-side.html
What are the possible exploit scenarios?
Possible Spectre Attacks
Exploits can be written in JavaScript and deployed (perhaps in pop-ups or advertisements) to leak the browser cache, which may contain confidential information from sites the victim has visited.
2. Leaking addresses of user space modules to bypass ASLR
Spectre exploits allow attackers to determine the physical memory address of user modules stored in memory and so bypass ASLR. This introduces more threats, because the protection that address space layout randomization provides against the attacks it mitigates is broken.
Are there patches available for Meltdown and Spectre?
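To check whether a Linux host counts as "unpatched" in the sense used above, the kernel's own status files can be read. The script below is an added example, not part of the original page; it assumes a Linux kernel that exposes the `meltdown`, `spectre_v1` and `spectre_v2` files under `/sys/devices/system/cpu/vulnerabilities`, and the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported Meltdown/Spectre status.
# Kernels carrying the 2018 fixes expose one status file per issue here.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <file>: prints not_affected | mitigated | vulnerable | unknown
classify_status() {
    if [ ! -r "$1" ]; then
        echo unknown          # no file: kernel too old to report, treat as unpatched
        return
    fi
    IFS= read -r line < "$1" || true   # first line only; tolerate missing newline
    case "$line" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_host [dir]: one line per issue; returns 1 if any issue is
# vulnerable or unknown, 0 if all are mitigated or not affected.
report_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        status=$(classify_status "$dir/$issue")
        echo "$issue: $status"
        case "$status" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample directory (not real host output) so the script runs
# anywhere; call report_host with no argument to read the live sysfs files.
sample=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$sample/meltdown"
printf 'Vulnerable\n' > "$sample/spectre_v1"
# spectre_v2 is deliberately absent to show the "unknown" case.
report_host "$sample" || echo "action needed: at least one issue is not mitigated"
rm -rf "$sample"
```

These files report the kernel's view only; the JavaScript scenario described above also depends on the browser being updated.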
Property | Meltdown | Spectre |
---|---|---|
Arbitrary Kernel Memory Read | Yes | No |
Practical Exploits Against CPUs | Intel | Intel, ARM, AMD |
Remote Execution | Depends on situation | Definitely |
Arbitrary User Memory Read | Yes | Yes |
Highest Area of Impact | Kernel Integrity | Browser Memory |
Meltdown vs Spectre
References