The CPU bugs, better known as Meltdown and Spectre, in the last hours have created a certain alarmism as it seems that on the basis of these flaws the first ad-hoc malwares have been identified. According to tests conducted by various sources including researchers, testers and antivirus vendors, as many as 139 malware samples have been detected that appear to be early attempts to exploit the mentioned bugs. However, it should be pointed out that the samples released in these days are nothing more than Proof-of-Concept (PoC), i.e. drafts of possible attack methods that at present only demonstrate the potential feasibility of attacks. Basically, so far, no working exploit code has been detected and no attack leveraging Meltdown and Spectre vulnerabilities has ever been successful. In addition, most of the samples identified on the net are just recompiled versions of already known PoCs; in any case, this is a discovery that should be publicized.

There are still no big news on the front of the updates, they are in fact confirmed the criticality detected in recent weeks and relating to the slowness and abnormal reboots. The advice for the time being is to just update all web browsers installed on your system to the latest version: threats may come from the web browser in the future by loading malicious JavaScript code. If the browser is secure, malicious code should only be installed as a result of a user “click” (e.g. on an attachment or a malicious file downloaded from the network).

News is being updated.

Sara Avanzi