4QuartersIT: Blog
MELTDOWN & SPECTRE
4QuartersIT is here to help you in any way we can. Contact us to secure your devices.
What is the security flaw and what devices are at risk?
Cyber-security professionals have identified a security flaw which would allow an attacker to steal personal information directly from a device’s CPU. We are still learning the extent of the potential impact; however, many researchers are claiming that the flaw could exist in nearly every CPU created in the past two decades. Initially thought to be isolated to Intel processors, further testing has shown similar vulnerabilities in AMD and ARM processors. This means that, in addition to computers, laptops and servers, the flaw also affects tablets, mobile phones and cloud devices. Security professionals have created a site called https://meltdownattack.com/ to share information about the vulnerabilities (the vulnerabilities have been dubbed “Meltdown” for the Intel processor flaw and “Spectre” for a similar flaw affecting Intel, AMD, and ARM processors).
What do I need to do to protect myself?
In a word: Update. Organizations are rapidly generating patches to prevent further exploitation of these vulnerabilities. Major web browsers like Google Chrome, Firefox and Microsoft Edge are pushing out updates to these products to prevent web based attacks. There are OS patches against Meltdown for Linux ( KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre. Updates should be applied to all operating systems and web browsers without delay. As development of the patches will take some time, and may require multiple attempts to perfect, it is recommended that end users check for updates on their devices frequently over the next few weeks to be sure that all necessary patches have been applied.