Two major security flaws were revealed by cybersecurity experts on Wednesday, threatening the safety of virtually every gadget and computer that uses processing chips.
These security flaws, dubbed Meltdown and Spectre, could allegedly allow cybercriminals to steal entire memory contents of computers, compromising almost all personal computers, servers running on cloud networks, and even mobile devices.
“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO, Brian Krzanic, was quoted as saying.Newfound #security flaws in CPUs affect nearly all computers today! Click To Tweet
Yes, even smartphones are affected together with nearly every gadget and device that uses microprocessor around the world. Scary isn’t it? But, before you panic, here are some vital information that you should know about Meltdown and Spectre.
Let’s begin with identifying these two CPU security flaws.
What is Meltdown?
Meltdown primarily affects Intel chips and could enable hackers to access everything (credentials and programs) in the memory of a computer by breaking the most fundamental isolation between applications run by users and the computer’s memory itself.
What is Spectre?
Spectre affects Intel, AMD, and ARM chips, allowing hackers to trick error-free programs into leaking their secrets. It is said that the more safety checks a program have, the more it is at risk of being attacked.
Are you affected by the two security flaws?
Nearly everyone who owns a computer, mobile device, or uses cloud computing services around the world are affected by the two security vulnerabilities. That includes you and me.
Meltdown was discovered by Graz University of Technology researcher, Daniel Gruss. In an interview with Reuters, Gruss referred to his discovery as “probably one of the worst CPU bugs ever found.” According to an article from the New York Times, Meltdown is a huge threat to the way cloud-computing systems operate but could be stopped by software patches.
On the other hand, Spectre affects almost all computing devices. While exploiting this bug is no easy feat for hackers, it could not be easily patched, thus posing a bigger problem than Meltdown.
Should we be bothered by Spectre and Meltdown?
At the moment, security experts said that the two security flaws had not been used in any attack. So, there’s no reason yet to panic. However, it is still best to remain vigilant and alert should cybercriminals found a way to exploit these newfound vulnerabilities.
How to Protect Yourself from Spectre and Meltdown Security Flaws
For now, the U.S. government-funded Software Engineering Institute suggests that software updates could be a temporary fix to the problem.
“Because chip replacements are not going to happen tomorrow, realistically, software is being updated,” Sitaram Chamarty, a Tata Consultancy Services security researcher, told CNNMoney.
Currently, Microsoft already released security updates for Windows users and is now working on securing its cloud computing services. Google and Amazon are reportedly doing the same thing for their cloud services.
On Thursday, Apple confirmed that it has already released patches for Meltdown on its various operating systems. The company also said that it plans to issue the same fixes on its Safari browser for added security against Spectre.
So, if you see any software update notification in any of your devices, don’t shy away from hitting that button!