2 major security flaws are affecting millions of phones, computers – here's what you should do

The vulnerabilities are called Meltdown and Spectre, and take advantage of a flaw in the processor.
Author:
Publish date:
Social count:
33
The vulnerabilities are called Meltdown and Spectre, and take advantage of a flaw in the processor.

What the heck is happening?

There are these two flaws that security researchers found, that affect millions of computers, laptops, cloud servers and smartphones made over the past couple decades. 

These flaws – one called Meltdown, the other Spectre – could let someone access basically anything in a device's memory. That means passwords, photos, text messages, documents, and more. 

That doesn't sound great

It's not ideal, though not every single device ever created is at risk. Just a lot of them.

Basically every modern device that uses an Intel brand processor (one from 1995 or later, the researchers say) can be exploited by both Meltdown and Spectre.

Those with AMD and ARM processors are also exploitable by Spectre, the researchers found. Those processors might be susceptible to Meltdown as well, but researchers haven't verified it yet.

But these chips are so widely used, that the researchers say everyone is "most certainly" affected by these bugs.

Has anyone been attacked with these?

Technically unknown. But the researchers and companies including Microsoft said they don't have any indication at this point the flaws are being abused out in the wild.

How do these exploits work?

This gets very technical, very complicated. 

So we're going to hand it off to sites like ArsTechnica, which explains how Meltdown "uses speculative execution to leak kernel data to regular user programs." 

And ZDNet, which says Spectre can " break down a fundamental isolation that separates kernel memory ... from user processes" in order to "trick apps into leaking their secrets."

The original Google Project Zero research blog outlining the threats is here.

OK, so what should I be doing?

This one we can answer: Update everything whenever possible.

The Windows, OSX and Linux operating systems have received patches to fix the Meltdown flaw. (Microsoft says if you didn't get it, there's a problem with the anti-virus software you're using – details here.)

Firmware vendors (that's the software embedded into the physical hardware) will have to issue their own fixes for Meltdown too, so keep an eye out for update alerts from manufacturers too.

Meltdown attacks could even come in through an internet browser. Firefox has issued a fix, Chrome has one in the works for Jan. 23,  Safari hasn't said anything as of Thursday afternoon, according to Popular Mechanics.

You'll notice Spectre hasn't been mentioned. That's because the flaws are so deeply embedded that they're "not easy to fix," the researchers said, adding, "It will haunt us for quite some time."

As the New York Times put it, it could require redesigning the processors altogether.

How do I find what type of processor I have?

Mac laptops/computers:

Go to About This Mac in the Apple menu, and the processor should be listed there.

Windows laptops/computers (h/t Computer Hope):

Right click My Computer and select properties. In the window that pops up (usually "System" or "Sstem Properties", it should show you the processor type.

Smartphones/tablets:

This is trickier, because you usually need to download an app of some sort to tell you exactly. Our best suggestion? Google it, and as specifically as you can, with the device's name and model number.

Related Articles