What’s the Deal with Meltdown and Spectre?

by

January 5, 2018

It’s not even a full week into the new year, and we’ve got two brand spanking new security threats knocking on our door. They’re named Meltdown and Spectre, and they’re here to ruin not just your day but everybody who’s bought a device with a microprocessor in it.

Both exploits take advantage of flaws in the microprocessors that would allow would-be hackers to steal personal information and passwords right off your device.

So what devices are affected by these exploits? Meltdown affects Intel-powered machines while Spectre goes after processors from AMD and ARM. That means basically everything is vulnerable to this destructive double-team.

How do they work?

Both flaws target the way processors handle “speculative executions.” The vulnerability allows hackers to scope out your machine and poke around its memory for things like passwords, encryption keys and pretty much anything else they might want to look at on there.

So is the sky falling? Nope, well at least not yet. There’s still no long-term solution to the problem, but there are some steps you can take to make sure your devices stay safe.

How to protect yourself from Meltdown:

Good news! Microsoft, Apple, Google, and Mozilla have all released patches that have, they claim, taken care of meltdown.

Microsoft

Updates have already pushed to Windows 7 and Windows 10 users. A patch for Windows 8 is in the works and consumers should see it soon. Microsoft notes some users are having trouble installing the patches and recommends you disable your antivirus momentarily (if you’ve got any of the nasty stuff on your machine) before trying to implement the security update.

Apple

Ugh, the man in Cupertino’s been busy lately (doing what exactly we don’t know, maybe improving their Quality Assurance workflows), but a fix for Macs is scheduled to appear in macOS 10.13.3. I don’t know when that’s going to be released, but I assume it’ll be relatively soon.

Google and Everybody Else

Google and Mozilla both have either updated their browsers or are planning to do so shortly. If you’re one of the last ten people using Firefox, you can download the latest version now. If you’re a Chrome user like almost everybody else, you can expect an update to drop on January 23.

Google’s also released a system update for Android users. If you’re using stock OS, you should have it already. If not and your software is solicited to you at the whim of the device manufacturer, you might have to wait.

How to Protect Yourself From Spectre:

As of right now, this very moment…it’s not exactly clear that you can.

It’s a lot harder to defend yourself against Spectre. There aren’t any patches out there that’ll do the job for you. It’s starting to look like the only real fix will be to redesign the way operating systems function or microprocessors built.

Yeesh. We know that’s not a great answer. Things are still developing, and we’ll get better information out to you ASAP when it becomes available. 

Carl Keyser is the Content Manager at Integris.

Keep reading

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Why Is My Laptop Draining So Fast?

Why Is My Laptop Draining So Fast?

Before You Replace Your Laptop Battery, Try These Fixes First Stuck with a laptop that’s running out way before it’s standard 8-10 hours of run time? Don't throw it out just yet.  Try these quick fixes to extend its life: Reduce your screen brightness If possible,...