Meltdown/Spectre


#1

I am sure everyone has heard of this huge issue within the industry. But, I was surprised that the demo program was five lines of JS code. Surprised it can be done in JS in the first place and, second, the malicious code is so short.

Kevin

https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript


#2

Fuller code here:
https://react-etc.net/page/meltdown-spectre-javascript-exploit-example


#3

Amazing. I’m sure there will be updates to install over the next few days!


#4

Could the malicious JS code be mirrored via NS Basic? .


#5

To affect your code, someone would have to find a way to inject it. Modern browsers have pretty good protection against that. (Remember Same Origin Policy? https://en.wikipedia.org/wiki/Same-origin_policy)

You could use it in your own code, however.


#6

Here’s a great article about how it works and what they are doing to fix it. Both Chrome and Safari are based on WebKit.

https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/