“Meltdown” and “Spectre” are major vulnerabilities affecting almost every computer in the world.
UPDATE: All Avast and AVG consumer and business products have been updated to accept the Microsoft patches (see ‘Fixing the Problems’ below).
Details have emerged this week regarding two different—and both substantial—security flaws in almost every computer processor in use today. This affects Windows, Mac, Linux, Android, and iOS. It’s important to note that as of yet, no malware or cyberattack has been associated with these flaws, but now that the information is in the public domain, that could change. Either of the flaws could lead to your computer’s memory being compromised, which means sensitive data—passwords, photos, credit card details—can be accessed and stolen. Here’s a breakdown of the two vulnerabilities:
This flaw affects virtually every Intel-processor based computer, smartphone, tablet, and cloud service. And it is greatly problematic for large cloud-using enterprises like Microsoft and Google. If hackers wanted to exploit this vulnerability, they would rent a virtual server on the shared cloud service, and from there be able to use the flaw to access data from the other cloud users. A patch has been quickly developed to fix this problem, but unfortunately it could slow down your computer; many won’t notice a slowdown but in some specific cases it could be up to 30% slower.
While Meltdown is specific to Intel processors, Spectre affects almost every processor on the market. This vulnerability can be exploited to “trick” your system’s safe programs into leaking sensitive data. The safeguards built into these programs are actually making the applications more vulnerable. The flaw here is inherent in the chips’ designs, and can only truly be fixed by redesigning the hardware. This will come, but it will take time. In the meantime, software patches have been, and continue to be, developed to help prevent Spectre attacks.
There are several solutions in the works to mitigate the Meltdown and Spectre flaws, including OS updates, browser updates, and firmware updates.
These software updates are useful, but to successfully mitigate these vulnerabilities, firmware updates are essential, specifically with the Spectre flaw. Intel has released an update already, but if you have a non-Intel based system, contact your hardware manufacturer to see if updates are available yet. Microsoft has issued this firmware update for its Surface users.
We mean that two ways: keep your eyes on the Avast Blog for updates to this story, and also keep all of your devices updated. That means you need to update and use the latest releases (which will include the latest patches and fixes when available) on all of your devices (computers, smartphones, tablets) for these items:
The news on these security flaws is still developing. Stay informed and, as always, stay protected.
New malware targets accounts at over 2,200 financial institutions
After seven years of development, Avast open-sources its machine-code decompiler for platform-independent analysis of executable files.