What is Meltdown and Spectre
We’re only at the start of 2018 and already we have two security risks to contend with. Meltdown and Spectre are two security vulnerabilities discovered in modern microprocessor chips that may allow attackers to exploit the chips common features and puts your personal data, including passwords, at risk. People are concerned about this troubling revelation and rightly so. Daniel Gruss who is one of the researchers who discovered the Meltdown bug stated that, "it is probably one of the worst CPU bugs ever found”. To be fair to Gruss and the other researchers at Graz University, they did inform Intel about their discovery before releasing their results. It allegedly took Intel a week to respond to the researchers who were then informed, that they were in fact the fourth team to discover a vulnerability, that included the related, but separate, Spectre flaw.
It’s important to understand that, to date, there is no evidence to suggest that any attacks have taken place, however it's a race against time as no doubt, hackers are working on ways to exploit these vulnerabilities. Should an attack take place your passwords and other sensitive data are likely at risk. The image blow shows some information of the two threats.
What should you do?
Processor manufacturers are working with the hardware companies that incorporate their chips in their product lines to release patches and firmware updates, where necessary. Both IBM and Apple have released updates or firmware patches to protect against Meltdown, Spectre attacks. Microsoft have also released a security patch, however there have been reports that some computers using AMD processors have been effected by serious side effects to the update. It is recommended that you check with your device manufacturers website for information on what devices are affected and the steps to take to protect your device. For Apple devices, please click here and for Microsoft devices please click here.
Cyber-crime isn’t going away and I have no doubt that 2018 will throw up some scary new threats. If you want to stay safe, then keep informed. While this particular flaw may allow hackers, backdoor access, most fall victim to cyber-crime as a result of poor practices. Read my earlier piece on how common bad practices are your biggest threat.
John Grennan – IT.ie