It’s not even a full week into the new year, and we’ve got two brand spanking new security threats knocking on our door. They’re named Meltdown and Spectre, and they’re here to ruin not just your day but everybody who’s bought a device with a microprocessor in it.
Both exploits take advantage of flaws in the microprocessors that would allow would-be hackers to steal personal information and passwords right off your device.
So what devices are affected by these exploits? Meltdown affects Intel-powered machines while Spectre goes after processors from AMD and ARM. That means basically everything is vulnerable to this destructive double-team.
How do they work?
Both flaws target the way processors handle “speculative executions.” The vulnerability allows hackers to scope out your machine and poke around its memory for things like passwords, encryption keys and pretty much anything else they might want to look at on there.
So is the sky falling? Nope, well at least not yet. There’s still no long-term solution to the problem, but there are some steps you can take to make sure your devices stay safe.
How to protect yourself from Meltdown:
Good news! Microsoft, Apple, Google, and Mozilla have all released patches that have, they claim, taken care of meltdown.
Updates have already pushed to Windows 7 and Windows 10 users. A patch for Windows 8 is in the works and consumers should see it soon. Microsoft notes some users are having trouble installing the patches and recommends you disable your antivirus momentarily (if you’ve got any of the nasty stuff on your machine) before trying to implement the security update.
Ugh, the man in Cupertino’s been busy lately (doing what exactly we don’t know, maybe improving their Quality Assurance workflows), but a fix for Macs is scheduled to appear in macOS 10.13.3. I don’t know when that’s going to be released, but I assume it’ll be relatively soon.
Google and Everybody Else
Google and Mozilla both have either updated their browsers or are planning to do so shortly. If you’re one of the last ten people using Firefox, you can download the latest version now. If you’re a Chrome user like almost everybody else, you can expect an update to drop on January 23.
Google’s also released a system update for Android users. If you’re using stock OS, you should have it already. If not and your software is solicited to you at the whim of the device manufacturer, you might have to wait.
How to Protect Yourself From Spectre:
As of right now, this very moment…it’s not exactly clear that you can.
It’s a lot harder to defend yourself against Spectre. There aren’t any patches out there that’ll do the job for you. It’s starting to look like the only real fix will be to redesign the way operating systems function or microprocessors built.
Yeesh. We know that’s not a great answer. Things are still developing, and we’ll get better information out to you ASAP when it becomes available.