On Tuesday January 5, 2018, the UK based tech website “The Register” (https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw) revealed that a design flaw in nearly all Intel processors as well as some made by AMD & ARM since 1995 could allow malicious software to read data in a computer’s memory which had previously been thought to be inaccessible. Unlike the situation presented by most viruses and malware, these flaws, named Meltdown and Spectre, affect nearly all computerized devices, including smart phones, tablets, laptops, desktop computers and servers, as well as their operating systems. Companies such as Apple (macOS & iOS), Google (Android, Google Apps, Chrome & their Cloud platform), Linux and its variants, as well as Microsoft (Windows) have released, or are in the process of releasing, updates to their products.
As an end user, you may be wondering how this will affect you. First, let us explain the two flaws better. Meltdown (https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability) basically allows specifically crafted software to read any information currently in a computer’s memory, regardless of the application using it. As an example, say you have a spreadsheet open with financial numbers and are at the same time browsing the Internet. If you went to a website that has a script, a form of programming code, on the site which takes advantage of this flaw, it could be possible for data from your spreadsheet to be read.
Spectre, https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) in the end, can have the same consequences of Meltdown; however, it relies on a statistical characteristic of how modern computer processors (CPUs) retrieve data from memory. Of the two, Meltdown has a greater risk to the average user, while Spectre, if exploited by a malevolent program, could affect those companies with datacenters and servers. Because of this issue with Spectre, companies like Amazon, Citrix, Google, and Microsoft have all rapidly been applying patches to their cloud platforms.
What should you do as a computer user? First, as is always the case, make sure you have applied updates to your software. In the case of these two flaws, you will need to seek out patches to things which you may not typically update. On your list should be updates to your antivirus software, to your operating system (Android, macOS, iOS, Linux, and Windows), and to your web browser(s) such as Edge, Internet Explorer, Chrome, Firefox, Safari, and Silk, as well as plugins like Java and Silverlight. Some of the patches maybe be bundled together though Windows Update.
Keep in mind that there have not yet been any published examples of hackers taking advantage of these flaws, but now that they have become public knowledge it is just a matter of time before some tries to exploit them. We encourage you to make an effort to update your software as soon as it is practical. If you would like assistance with this, please call one of our shops, or feel free to stop in at any time.
if you have found this blog post to be informative and useful, we encourage you to forward it along to friends and family! There is a link at the bottom of our website in the footer section where new subscribers can sign up for our weekly blogs, which we offer for free as a way to help educate the community and warn them when there is a serious threat on the loose in the Internet.
As always, let’s be careful out there!
-The PJ Networks Team