Apple users: Learn how to protect your device against security flaws

Intel Meltdown Bug

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Spectre appears, for now, to be more hard to patch.

Meltdown and Spectre allow the techniques used by processors to speed up their operation to be abused to obtain information about areas of memory not normally visible to an attacker, including encryption keys, passwords and other sensitive data. Microsoft also released a patch and security advisory for Windows, but noted that there is an issue with some "incompatible anti-virus applications" that could leave devices unable to boot and has not pushed the patch to systems with known AV issues.

On Wednesday, Google revealed that there's a big security hole in pretty much every processor, including the one in your phone, the one in your laptop, and the processors running servers "in the cloud".

Not that we know of.

Patching against Meltdown can degrade performance by nearly a third.

While the defect exists in the hardware, mitigations in operating systems are possible and are now available.

The fundamental flaws are present in chips manufactured by Intel, ARM and AMD, which are used in Apple, Dell, HP, Microsoft, Google, Amazon, Linux and Lenovo smartphones, computers and operating systems, among others. You can also go to the settings app on the phone, tap About Device and then tap System Updates to see if an update is available.

These chips are called micro-processors because processor sizes have come down significantly to integrate them into small devices.

We're already seeing this with home routers, digital video recorders, and webcams. The flaw allows hackers to take info from programs that shouldn't be visible outside that program.

The second is that some of the patches require updating the computer's firmware.

Patches deployed to combat the flaws could slow computers by as much as 30% depending on what you're trying to do, according to estimates posted on Linux message boards.

Future chips will also incorporate more protections against these exploits. "As it is not easy to fix, it will haunt us for quite some time", the researchers said, explaining why they chose to call the flaw Spectre. It is working on updates for Safari to protect users against Spectre and expects to release them "in the coming days".

The final reason is the nature of these vulnerabilities themselves.

"Because chip replacements are not going to happen tomorrow, realistically, software is being updated", Sitaram Chamarty, a security researcher at Tata Consultancy Services, told CNNMoney. These vulnerabilities are in the fundamentals of how the microprocessor operates.

The good news is researchers and companies said there is no evidence of these flaws being exploited in the wild. Google and Microsoft have also issued security patches for their Web browsers, computers and smartphones.

Customers who use their own operating systems with Google Cloud services should continue to follow security best practices and apply security updates to their images just as they would for any other operating system vulnerability.

Cisco is the latest company to prepare patches to tackle the serious security vulnerabilities affecting the majority of CPUs, Meltdown and Spectre.

Major tech firms are rushing to patch critical bugs, dubbed "Spectre" and "Meltdown", found in their processors before they can be exploited.

However, experts have said any attacks will more likely be espionage by sophisticated nation state hackers or organised networks targeting companies. These will be similarly impossible to fix, and the only strategy will be to throw our devices away and buy new ones.

Basically, the exploit involves reading memory locations that are supposed to be protected and reserved for use by the computer kernel.

Latest News