3 stories
today

Meltdown and Spectre: A closer look at the recent CPU security flaws and how to protect yourself

Yesterday, design flaws in Intel, AMD and ARM processors made headlines and pushed Microsoft, Intel and others to quickly address the growing security concerns. The Redmond giant released yesterday an emergency update with kernel fixes to protect Windows users from the security flaw, highlighting that the security exploit is serious but hasn’t been actually used for now.

We’ve since learned that this “chipgate” is actually about two critical vulnerabilities in modern processors called Meltdown and Spectre. The Graz University of Technology, which contributed to these two discoveries has just published a dedicated website with lots of information on the security flaws. To start, here is what you need to know about Meltdown and Spectre:

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

At the time of this writing, we known that almost every Intel processor released since 1995 is potentially affected by Meltdown, but it’s still unclear if ARM and AMD processors are vulnerable. As for Spectre, which is harder to exploit than Meltdown but also harder to mitigate (there is still no fix for it), it affects all modern Intel, AMD and ARM processors.

The security patch that Microsoft released yesterday is just for Meltdown, and it also includes some specific fixes for Microsoft Edge and Internet Explorer 11. We invite you to install this emergency update as soon as possible, though Microsoft explained yesterday that some versions of anti-virus software may block the installation of the patch. The company detailed some workarounds on this page.

Microsoft was pretty quick to do its part of the job in comparison to Apple, which has yet to detail its plans to address the two security flaws. Intel also explained in a press release yesterday that it has “begun providing software and firmware updates to mitigate these exploits.” As noted by The Verge, the company has also released a detection tool that can tell you if your PC needs a firmware update for additional hardware protection.

“Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively,” the chip maker said yesterday. Even if we still don’t know if Meltdown or Spectre have already been abused in the wild, Intel will have to share more details about how it plans to roll out firmware updates Windows PCs going forward. In the meantime, the company is inviting consumers to check with their system manufacturer for updated firmware.

Further reading: , , , , ,

Are you worried by these two critical vulnerabilities?