Not so Happy New Year! The first week of 2018 has kicked off with two major software issues. This affects just about every computer processor in the world. Laptops, desktops, smartphones, are all potentially at risk. These two technical vulnerabilities have been dubbed Meltdown and Spectre. And no, James Bond can’t save the day.
All of this can allow hackers to steal your passwords and all your vital info and data. Some examples are your stored passwords in a password manager or browser, your personal emails, or business-critical documents. While it’s pretty vague to say that all laptops, desktops and smartphones are at risk, we can get into some specifics for those worried about Meltdown and Spectre.
Who is affected and what can you do? Meltdown and Spectre are not the exact same kind of attack, but both pose the same type of risk. Meltdown has only been proofed on Intel processors, so far. While Spectre harms Intel, AMD, and ARM processors. Researchers believe this will not be a “quick fix” and both should be around for some time.
These flaws cannot be fixed with a microcode update, so an OS-level fix is required. An immediate solution is a kernel Page Table Isolation (PTI), which separates the kernel’s memory from user processes. Warning though, this solution increases the kernel’s overhead, potentially causing the system to slow down depending on the task and the model of the processor. It’s believed that these patches mostly deal with the Meltdown fallout. Compared to Meltdown, Spectre is harder to exploit and to fix.
What are the major companies saying about this? Apple acknowledged that all its macOS and iOS devices are affected, although the Apple Watch is not. Earlier in the week they claimed only older product models were at risk and they quickly had to change their tune. Apple released mitigations in iOS 11.2, macOS 10.13.2 and tvOS 11.2 to defend against Meltdown. A Safari update is on its way very soon to combat Spectre.
Google was one of the first to discover Meltdown and Spectre. In their statement, they included fixes for Android, Google Apps, Google Chrome, Chrome OS, and the Google Cloud Platform. Microsoft is one of the companies that most affected, given the massive number of Windows users in the world. Windows 10 computers will be patched on January 9th, as well as other systems.
There’s no other way around it. Meltdown and Spectre can and will affect just about anyone who uses everyday, normal tech devices. So unless you are a part of some anti-tech cult, who follows the teachings of Ted Kaczynski, you need to face this challenge head on.