What is Meltdown and Spectre?

custom selecting main image-Recovered

 

Meltdown and Spectre are two microarchitecture vulnerabilities that were disclosed to the public recently. These CPU vulnerabilities have been present in most processors shipped over at least the past 10 years, but have only recently come to light following responsible disclosure by Google and other security researchers. Meltdown and Spectre vulnerabilities affect processors present in most modern computing devices, including personal computers, servers, cloud infrastructure, and mobile devices like phones and tablets.

2

How does it affect us?

 

Meltdown

 

The Meltdown vulnerability can potentially allow hackers to bypass the hardware barrier between applications and kernel or host memory. A malicious application could therefore access the memory of other software, as well as the operating system. Any system running on an Intel processor manufactured since 1995 (except Intel Itanium and Intel Atom before 2013) is affected.

 

Spectre

 

The Spectre vulnerability has two variants. These vulnerabilities break isolation between separate applications. An attacker could potentially gain access to data that an application would usually keep safe and inaccessible in memory. Spectre affects all computing devices with modern processors manufactured by Intel or AMD, or designed by ARM*.

*ARM processors are the dominant computing platform for the vast majority of mobile devices, including phones and tablets from Apple, Google, Samsung, HTC, etc.

3

How to protect against the Meltdown and Spectre CPU security flaws

 

 

How to fix Meltdown and Spectre CPU security flaws on Android phones

 

Android phones from other manufacturers may take longer to get the update –
though, hopefully due to the attention Meltdown and Spectre are getting, most manufacturers won’t take too long to implement the update.

Open the settings app on your Android smartphone, go to ‘System’ and see if you can find new updates waiting for you. It may also be worth following your phone manufacturer on Twitter to keep up with news about the update.

 

How to fix Meltdown and Spectre CPU security flaws on iPhone

 

Apple has released ‘mitigations’ for Meltdown in iOS 11.2, so make sure you keep an eye out for any new updates made available for iOS on your iPhone or iPad, and go into ‘Settings’ to check what version of iOS you are running.

Apple has also released iOS 11.2.2 which you should download and install immediately. Go to Settings > General > Software Update and download any update that’s waiting for you.

 

How to fix Meltdown and Spectre CPU security flaws on Windows PCs

 

Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors. Windows 10 should download the update automatically, but to be sure, type ‘windows update’ in the search bar of the taskbar, and select ‘Check for updates.’ Download and install any new updates it finds.

 

How to fix Meltdown and Spectre security flaws on Macs

Macs have also been affected by Meltdown and Spectre, Apple has already released a series of fixes in macOS 10.13.2, so keep an eye out in the Mac App Store for any updates to OS X or macOS, and make sure you’re running the latest version of the operating system.

 

How to fix Meltdown and Spectre security flaws on Chromebooks

 

If you have a recent Chromebook, then you should be automatically protected from Meltdown and Spectre, as Google released Chrome OS version 63 in December, which has features included to avoid these flaws.

If you want to know if your Chromebook is updated to version 63, or if an update is coming, check out Google’s list of Chrome OS devices, and check that it says ‘yes’ in the last column.

 

 

 

Conclusion

 

Spectre and Meltdown represent serious security vulnerabilities; the full potential of their possible impact is still developing.

To protect yourself, be vigilant in updating your operating system software as patches are released by vendors and continue to monitor communications related to the Meltdown and Spectre vulnerabilities.

Christopher

Christopher is part of Aura-Tech's 360IT onsite tech support team. Catch him at croopa@auratechtt.com.

This entry has 0 replies

Comments are closed.