We have rung in the new year with a major security issue being announced. Two security flaws dubbed Meltdown and Spectre have been discovered that allow processor exploits to steal sensitive information like passwords and financial information from nearly any device (computer, laptop or smartphone etc.) made in the past 20 years. Scary indeed.
The flaws were actually discovered last June but their announcement to the public was delayed so major tech firms could find a fix to the issue. The issues allow an attacker to steal information directly from memory. Modern day processors are able to maximize performance by trying to anticipate what the next instruction will be and execute the code. In most cases this works well and when the next instruction is not what is anticipated the code is simply rolled back. When this happens bits and pieces of the code are left in the cache so it can be accessed later but this information is able access anything within the system.
Meltdown can read the information from the memory. Spectre is able to get information for other running processes. Originally the issue seemed to be only with Intel chips but it has also been found with ARM and AMD processors as well. Both of the vulnerabilities are different and will require different fixes that will affect processors and computers differently. The tech companies have their hands full.
This has been devastating news and software companies are working to find a fix. The discoverers of the issue gave tech firms until January 9 to find a fix before going public about it and this left many companies scrambling. Microsoft issued an emergency patch followed by patches being made available for Apple and for LINUX. Due to the rushed nature there have been some issues with these fixes like compatibility issues with antivirus programs and by slowing processing speeds down dramatically. For Intel’s CEO Brian Krzanich there may be bigger issues since he allegedly sold off $24 million in company stock last November. That will be sure to attract someone’s attention as Intel stock did a huge nosedive the day the problem was announced. This exploit has been a major issue for any system that is on the cloud but Google and Amazon, two of the largest cloud computing firms, have fixed the issue on their end.
So what should you do. First off there is no real need for concern. Updates are being released or have already been released for Meltdown so the best thing that you can do is to make sure that all of your devices have their software and firmware updated. Spectre will prove to be much more difficult and may be impossible as changes to the hardware may be necessary. Experts are recommending people begin using two-factor authentication for logins to smartphones and emails and a secure password manager with a strong password that can create a password for you. They also recommend that anyone using an operating system that has reached its zeroday that it is time to stop using that.