Earlier this week, anybody who uses a smartphone, tablet or PC was informed that the device they entrust with so much information may be at risk from hackers.
But the Spectre and Meltdown flaws could let hackers cut through all the layers of software to violate the very heart of a computer, the processor chip that powers its fundamental workings. Apple users, who may historically have had a reason to feel more secure than others, are all also in the same boat now as Spectre affects almost all computer chips while Meltdown affects only Intel Corp chips. A patch for Chrome browser will be available later this month, and Chromebook users will have to wait for their update to be released. Technology companies quickly began issuing fixes for the flaws this week, or notifying consumers about their timelines for doing so. The flaws affect modern processors including Intel, AMD and ARM that use "speculative execution" to enhance performance. Microsoft said users should check with their computer manufacturers for more information.
"The Spectre attack manipulates the computer into a state where it believes it should do something that it should not do".
Researchers at Google's Project Zero, academic institutions and private companies published their findings on the vulnerabilities Wednesday.
"So this is a very pervasive problem that affects nearly every kind of computerised system from desktop and laptop computers to cloud services and smartphones", said CNET reporter Laura Hautala. The Meltdown and Spectre exploits would theoretically be able to trick that process in order to gain access to privileged data.
Independent researchers separately discovered and named these vulnerabilities "Spectre" and "Meltdown". All the normal security advice still applies: watch for phishing attacks, don't click on odd e-mail attachments, don't visit sketchy websites, patch your systems immediately, and generally be careful on the Internet.You probably won't notice that performance hit once Meltdown is patched, except maybe in backup programs and networking applications.
To update your Windows 10 system, go to Settings Update & Security Windows Update Check for updates. Intel reports that extensive testing has been conducted to assess any impact to system performance from the recently released security updates. Google said its users of Android phones - more than 80 percent of the global market - were protected if they had the latest security updates.
Wait, what if I have an older system that's not getting updates?
Microsoft shipped its own patch for Windows 10 as well as its Internet Explorer and Edge browsers January 3 via its automatic Windows Update system, with patches for older versions coming next week. KPTI better protects that sensitive kernel memory, but because of the aforementioned tradeoff, people were anxious that this solution would cause a noticeable slowdown, particularly for huge cloud providers like Google and Amazon. Microsoft has already issued a patch for its operating system, and others will be following suit.
The meltdown vulnerability, which also affected hardware from AMD, ARM and Qualcomm, allowed malicious actors to gain access to the users' sensitive data, such as passwords. It also plans to release a new update for the Safari browser to mitigate Spectre hacks.
In a statement on its website, Apple said all Mac and iOS devices were affected by both Meltdown and Spectre. The difference this time is that it's not software that's to blame. At the end of the event, though, he was also asked about his reaction to the Spectre/Meltdown security flaws that are haunting the chip industry.
Many types of computing devices, with many different vendors' processors and operating systems are susceptible.
Intel is being taken to court over vulnerabilities in its processors, with plaintiffs in California, Oregon and in all taking legal action against the company.