Insights, Security

Major Cyber Security Flaws: “Meltdown” & “Spectre”

Major security flaws have been found within nearly all computer & smartphone CPUs (Central Processing Units). These flaws, nicknamed “Meltdown” & “Spectre” can potentially allow personal and confidential stored data deep inside computer systems to be exposed.

These security flaws have sent waves across the tech community as well as causing a rift between major corporations such as Apple & Intel. It has been released that Intel’s CEO, Brian Krzanich was made aware of the chip vulnerability by a team of Google experts in 2017 before they proceeded to sell over $20 million dollars of their stock.

It has been stated that Intel made no attempt to warn companies such as Apple, Microsoft & Linux that there was a fundamental flaw in a key component of their products. This has left companies like Microsoft scrambling to put emergency updates together to help the situation.

“Meltdown” & “Spectre” – The differences

Meltdown takes advantage of the flaw in the computer processor to allow hackers access to information at kernel* level. This is the protected, very central module of an operating system which holds critical information such as: photos, passwords, documents and other sensitive data. Meltdown provides a passage for potential hackers to access your computer’s core memory and information.

Spectre is different and considered more devastating than Meltdown. This is because, unlike Meltdown, Spectre cannot be alleviated by any software updates or patches. The problem is deeply rooted within the design of the processor that not only affects Intel CPUs but also ARM, AMD and other chip manufacturers. According to some experts to fix the issue, it may be that the chip has to be completely redesigned.

Who’s affected?

The short answer? Pretty much everyone

The security vulnerabilities are found in “Intel” “AMD” and “ARM” computer processors which means that nearly all PC’s, tablets, smart phones and laptops are vulnerable – regardless of manufacturer or operating systems.

How do I protect myself?

Companies such as Microsoft and Linux are working on security updates and patches, known as KPTI (Kernel Page Table Isolation) or, among the more jovial of you, The KAISER Update (Kernel Address Isolation to have Side-channels Efficiently Removed).

If you are looking for solutions to alleviate the problems, see our 3 steps below. However, this is only to alleviate the Meltdown flaw. As stated earlier, the Spectre flaw will be much more difficult to overcome.

  1. Update your web browser to the latest version
  2. Ensure that KB4056892 is installed on your Windows 10 PC
  3. Consult your PC’s OEM website for support information and apply any critical firmware updates as soon as possible

if you want to know more on how your device has been affected, the following advice has been referenced from CNET‘s recent “How To” article.

Windows PC

This is the tricky one. Microsoft have created an emergency security update to help alleviate the flaw. However, if you are running a third-party anti-virus software, there’s a possibility that you have not seen the patch yet.

The best advice? Ensure your computer is running the latest Windows 10 updates along with any updates from your PC manufacturer, such as Dell or Lenovo.

Android Phone Users:

New security updates for your android phone will be available soon – Jan 5th 2018 to be exact.

For the users of the Google branded phones (such as the Nexus), you’ll need to wait until your phone automatically downloads the new update.

In more general terms, the speed you will receive the security patch is dependent on who manufactured your phone, or who your cellular carrier is.

Web Browsers

Microsoft, Google and Mozilla are all issuing patches for their browsers.

Firefox 57, Internet Explorer and Edge all include a security fix, as do the latest versions of Internet Explorer and Edge for Windows 10.

Google says it will roll out a fix with Chrome 64 which is due to be released on January 23rd.

Apple

Apple is yet to comment on the situation. But we’ll keep you updated.

Update (04/01/17) – Apple have implemented a partial fix for the issue with their macOS 10.13.2 and further fixes will be added to the upcoming 10.13.3 update.

The good news? 

Google claims that the following products are not affected: Google Home, Google Chromecast, WiFi, OnHub, Gmail, Google Apps & Services.

Meltdown & Spectre Security Flaws

Kyla Keating - ClearView Communications
Kyla Keating

Kyla Keating is a dynamic and results-driven Marketing Executive at ClearView Communications, where she plays an integral role in shaping the company's marketing strategies, brand presence, and creating well researched, high quality content. With her passion for creativity and keen eye for detail, Kyla is dedicated to delivering useful articles and company updates that elevate ClearView's reputation as a leader in the fire and security industry.