Meltdown & Spectre
The technology giants like Google, Microsoft, VMWare, Apple and Linux have been staying really busy since the beginning of this year. Wondering why? They are busy releasing patches to Meltdown and Spectre, the two infamous security vulnerabilities in the processor chips of Intel, ARM and AMD developed after 1995.
What Are Meltdown & Spectre?
Designated as CVE-2017-5754, the Meltdown affects Intel processors by exploiting a certain function called “speculative execution” that enables computers to speculate what the users are going to ask for next. In the process of lining up these speculations, they provide access to normally isolated data, thus allowing a hacker to gain access by sending a malware into the device.
On the other hand, Spectre is a combination of two more vulnerabilities designated as CVE-2017-5753 and CVE-2017-5715 respectively. These can be exploited by hackers to get access to information stored in the cached files or the memories of running applications. Spectre affects processors from Advanced Micro Devices (AMD), Advanced RISC Machine (ARM) and of course, Intel.
Collectively, both these vulnerabilities have the potential to affect all the devices manufactured after 1995, irrespective of their manufacturers and operating systems. A grave risk that is!
Now, the question is, what are these companies doing to mitigate this tremendous risk of information access and data theft?
They are doing a lot, actually. Read on.
Steps Taken To Mitigate These Risks
Apple has already released patches to its macOS 10.13.12 and iOS 11.2 in December, 2017. Then again, it patched the Safari Browser with a new update recently. So, if an user has the latest Apple software, he/she should not be at risk.
However, Microsoft did not have a smooth sail. Its patches slowed down the performances of its systems to a great extent, about 30%. Therefore, it had to call back some of the versions of its update including the one for AMD chips. But, on a positive note, Microsoft has managed to patch its browsers like Internet Explorer and Microsoft Edge quite effectively. According to the company, Windows 10 is safer from the threats than Windows 7 or 8, making it necessary for users to update their operating systems ASAP.
Also, the search engine giant, Google has released a fix against the Spectre threat called “Retpoline” besides clearing its Chrome Browser off any risk. It has also declared that the latest version of Android is steered clear of all threats with respect to Meltdown and Spectre. There is also a patch available for the Firefox browser besides enabling first-party isolation for an extra layer of protection.
What Should The Users Do?
There has been news that some hackers in Germany have already started spreading fake updates through emails to exploit the vulnerabilities and gain access to the computers and stored data. In this context, if you receive any mail from an unauthorized source or government body asking you to download the update to a software, ignore it. Do not trust anyone except the big brands. These emails can have malware, which may be exploited by hackers to gain access to your system through the existing chip vulnerabilities. Keep an eye out for official updates and avail the same as and when released. That way, you will stay clear of any threats due to the Meltdown and Spectre vulnerabilities.
“Is Your Server Protected?”
“Reach Us For Threat Analyses”