A pair of security flaws were published yesterday, that are most likely present in every device you own, could allow hackers to steal information like passwords and other sensitive and personal information. Dubbed “Spectre” and “Meltdown”, these items take advantage of flaws in the design of the processor. Patches for most devices were released almost immediately, which means you need to take the time and fully patch any device/computer you own.
How Spectre and Meltdown Work
The processor vulnerabilities allow them to see the memory inside other programs and services down to the core of the operating system. Your antivirus isn’t going to be able to block that. The “Meltdown” flaw mostly affects Intel-powered machines like your desktop/laptop, while the “Spectre” flaw affects processors from AMD and ARM. That means your smartphone is also likely affected by the processor flaw.
How to Protect Yourself From Meltdown
As mentioned earlier, luckily, most companies issued emergency patches and are ready to be applied, or will be coming soon.
Microsoft: Microsoft has already released an update for Windows 10, and is releasing patches for Windows 7 and 8 soon. If you’re having trouble installing the update, please disable your anti-virus and try again. Advanced users can check if they’re affected by running Microsoft’s verification test in your command line.
Apple: Apple has not commented on the flaw, but Alex Ionescu, Windows security expert, noted a fix was present in the new 10.13.3 update to macOS.
Browsers: Chrome, Firefox, and Edge have all updated or scheduled updates to patch the flaw.
Android: Android users running the most recent version of the mobile OS are protected, according to Google.
How to Protect Yourself From Spectre
While you can protect yourself from Meltdown, it’s harder to defend against the more invasive Spectre flaw. The researchers involved in discovering the two exploits show that software updates to patch the flaws in Spectre are possible, though none are available yet, and may not be able to address the exploit completely without a redesign of the OS and the processor itself.