Jump to content
Sign in to follow this  

Meltdown and Spectre CPU flaws threaten PCs, phones and servers

Recommended Posts

Remember Intel proc bug?

By now you've probably heard about a bug Intel is dealing with that affects processors built since 1995. But according to the people who found "Meltdown" and "Spectre," the errors behind these exploits can let someone swipe data running in other apps on devices using hardware from Intel, ARM and AMD. While server operators (like Amazon) apply Linux patches to keep people from accessing someone else's information that's being executed on the same system, what does this mean for your home computer or phone?

Google's Project Zero researchers identified the problems last year, and according to its blog post, execution is "difficult and limited" on the majority of Android devices. A list of potentially impacted services and hardware is available here, while additional protection has been added in the latest Android security update.

In a statement, Microsoft said: "We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD." In a blog post directed towards customers on its Azure server platform, the company said its infrastructure has already been updated, and that a "majority" of customers should not see a performance impact.

Apple has not publicly commented on the issue, however security researcher Alex Ionescu points out that macOS 10.13.2 addresses the issue and said that the 10.13.3 update will include "surprises."

According to AMD, "Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time," however it has promised further updates as the information comes out. As for ARM, it says most processors are unaffected but it has specific information on the types that are available here.

So what does this mean for you? On your devices the prescription is the same as always -- make sure you have the latest security updates installed and try to avoid malware-laden downloads from suspicious or unknown sources.

Update: We've seen a slew of other announcements join the parade, including details from Microsoft on its Windows patches. One thing to be aware of is that the update is only going out if users are running "compatible" antivirus software, so if it doesn't show up for you then that could be the reason.

Another consideration is that this attack could be executed via a malicious webpage loaded in your browser, so there's an update for Internet Explorer too. Google noted that turning on Site Isolation in Chrome will mitigate potential attacks, and also said that when it releases Chrome 64 later this month, it will contain protective updates. The folks at Mozilla have confirmed that browser-based attacks are possible, and are taking measures to reduce that possibility starting with version 57 of Firefox.

Separately, VMware has updated its products to address the issue.




Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.