Earlier this month, computer security expects dropped a bombshell on the internet. A pair of vulnerabilities titled Spectre and Meltdown that date back to 1995 were putting a wide variety of computers, smartphones and internet browsers at risk.
Since then, companies such as Microsoft and Apple, along with chip-makers such as Intel and AMD, have been racing to release patches, but it hasn’t been the smoothest process. Over a week later, the effort to fix these exploits is far from finished. Here’s a rundown of what you need to know about the state of Spectre and Meltdown patches.
What Are Spectre and Meltdown?
If you’re still a little unclear about what these exploits actually do, here’s a quick explanation.
Spectre and Meltdown both rely on something called “speculative execution”, which is when your computer tries to guess what you’ll do next so it can perform that task faster. Because of the way this data is stored, it creates a vulnerability that could give hackers access to other private information on your computer.
Meltdown primarily affects Intel processors, which power a ton of computers including Apple’s MacBook lineup. Spectre, which actually refers to two separate vulnerabilities, can affect chips from Intel, AMD and ARM. That covers desktop computers as well as smartphones.
The Current State of Patches
For the most part, major companies such as Google, Microsoft and Apple were able to get out ahead of these vulnerabilities before they were publicly announced. Apple released patches with macOS 10.13.12 and iOS 11.2 back in December. Earlier this month, Apple also patched its Safari browser with a new update. So as long as you’re running the latest Apple software you should be safe.
Microsoft’s efforts haven’t gone quite as smoothly. The company was actually forced to recall some versions of its patch, including the one for AMD chips, after they stopped some computers from working.
On the plus side, Microsoft already patched its Internet Explorer and Microsoft Edge browsers, and the company says Windows 10 is safer from Spectre and Meltdown than Windows 8.1 or 7. So it may finally be time to update your operating system if you haven’t already.
Google also released a fix for Spectre called Retpoline, and the company says a patch for its Chrome browser is coming on January 23. In the meantime the company suggests turning on site isolation as a stopgap solution. As for Android, Google claims that the latest version of its software is safe from Spectre, but if your device is too old to get the update you’re basically on your own.
Finally, if you’re using a Firefox browser there’s a patch for you to download, though the company also recommends enabling first-party isolation for extra protection.
What to Look Out For
If you’re still waiting for a patch to protect you from Spectre and Meltdown, there are a few things to watch out for.
Some hackers are already taking advantage of the situation to spread fake updates that actually install malware on your computer. It already happened in Germany, with phony emails designed to look like they were from a government agency. So don’t download any patches unless they come directly from a company you trust such as Microsoft or Intel.
Ars Technica also warns that researchers are dangerously close to weaponising Spectre and Meltdown, which means hackers are probably pretty close too. So if you’re still waiting for a patch, keep an eye out for any official updates that could keep you protected before it’s too late.
Comments