Greets, On Mon 15 Jan 2018 12:32, Leah Rowe <i...@gluglug.org.uk> writes:
> The implications [of Meltdown/Spectre] at firmware level are > non-existent (for instance, these attacks can't, to my knowledge, be > used to actually run/modify malicious code, just read memory, so it's > not as if some evil site could install malicious boot firmware in your > system). I agree that it's unlikely that a site could install boot firmware, but AFAIU it's not out of the realm of possibility. The vector I see would be using Meltdown/Spectre to read authentication/capability tokens which could be used to gain access, either via some other RCE vuln or possibly via remote access. Maybe evil code could find an SSH private key in a mapped page, for example, which the evil server could use to SSH directly to your machine. But I admit that it's a bit farfetched :) Andy
