Skip to main content
Application Security padlock icon

This post is from the Arxan blog and has not been updated since the original publish date.

Last Updated Jan 24, 2018 — Application Security expert

Meltdown, Spectre prove there are no trusted environments for high-value applications

Application Security

If there’s a lesson from the newly discovered Meltdown and Spectre exploits, it’s that pretty much every company that publishes high-value mobile, desktop or server apps should be doing more to improve its security posture. The two widespread flaws pose an immediate threat to effectively all x86, AMD and ARM processors for Desktop, Android and iOS users. In other words, nearly every cell phone, desktop PC, and server on the market today is vulnerable.

Because Meltdown and Spectre are flaws at the architectural level, anything stored in an application’s protected memory -- encryption keys, user credentials -- can now be exposed. This means anti-virus, anti-malware, perimeter and firewall security won’t be effective; and OS patches have proven challenging to implement thus far.

Systems vulnerable to these exploits should effectively be considered jailbroken or rooted. The bottom line for publishers of high-value apps such as mobile banking, connected medical, connected vehicles or games: your apps are vulnerable to compromise and running in an untrusted environment.

The appropriate response when dealing with zero trust environments? Deploy apps with security designed in them from the start. Secure applications need to be tamper-proof, so bad actors can’t gain access to code to insert malware to exploit these new vulnerabilities. Applications also need integral encryption to prevent other applications from using these new vulnerabilities to access sensitive data.

Arxan’s Application Protection was designed to specifically counter threats to applications when running in zero trust environments. To counter these threats, Arxan code protection includes a layered guard network that protects against static and run-time binary tampering, while Arxan data protection utilizes encryption to protect critical data at rest and in memory.

These new hardware-based vulnerabilities highlight that today’s high-value apps are always running in zero trust environments. Businesses that depend on providing secure applications to their customer base need to expand their security posture to include securing critical assets like code, keys and private data. A reliable protection solution that includes best-in-class, binary code protection and white-box encryption solutions is a must to mitigate today’s security risks.

Arxan Spectre & Meltdown thought leadership in the news:

More from the Blog

View more
Jan 18, 2022

Be aware or beware: Easily insert security into your mobile apps

Application Security
COVID-19 has quickly pushed companies over the technological tipping p ...
Read More
Dec 23, 2021

Using machine learning to detect malicious packages

Application Security
Staying up to date with new technology in today’s advanced digital age ...
Read More
Dec 17, 2021

Log4j: Not the Vulnerability We Want, and Not the Vulnerability We Need

Application Security
Log4j is the reminder we didn’t need: the reminder that vulnerabilitie ...
Read More
Apr 29, 2021

Why better security means better products

Application Security
Over the past 15 years, businesses have learned a lot about the value ...
Read More
Contact Us