About me: software developer who is into JavaScript and NodeJS and constantly working on one or another side project and/or open source. I have a blog at https://alex-rudenko.com
I wonder if it has been exploited by someone before it became widely known. How likely is it that black hats/govts could know about it and use it secretly?
Speaking on CNBC, Intel’s Krzanich said Google researchers told Intel of the flaws “a while ago” and that Intel had been testing fixes that device makers who use its chips will push out next week. Before the problems became public, Google on its blog said Intel and others planned to disclose the issues on Jan. 9. Google said it informed the affected companies about the “Spectre” flaw on June 1, 2017 and reported the “Meltdown” flaw after the first flaw but before July 28, 2017.
I haven't heard of any exploits in the wild yet. Although, keeping vulnerabilities secret to use as zero-day attacks is the standard operating procedure of the NSA. And if the NSA knows about it, black hats probably know about it too. I would actually be surprised if that wasn't the case.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This has to be the worst vulnerability I've ever heard of. It takes advantage of a layer between apps and data that users expect to be totally secure.
I wonder if it has been exploited by someone before it became widely known. How likely is it that black hats/govts could know about it and use it secretly?
From the Reuters article:
I haven't heard of any exploits in the wild yet. Although, keeping vulnerabilities secret to use as zero-day attacks is the standard operating procedure of the NSA. And if the NSA knows about it, black hats probably know about it too. I would actually be surprised if that wasn't the case.