Protect Yourself From Meltdown And Spectre, The Latest Processor Security Flaws

There are a pair of security flaws present in nearly every device you've got that could allow hackers to steal information like passwords and other personal information. The exploits, Spectre and Meltdown, take advantage of actual flaws in the design of your device's microprocessor.

Image credit: Handout/Getty

Your computers, smartphones, and other devices might be affected or slowed down for years to come, but there are already patches available from companies to protect yourself at least partially from the immediate threat while a long-term solution is figured out.

How Spectre and Meltdown Work

The processor vulnerabilities, Meltdown and Spectre (the latter being a pair of two similar vulnerabilities), essentially target the way processors optimise certain actions, a function known as "speculative execution". That vulnerability allows them to see the memory (including personal information) inside other programs and services down to the core of the operating system.

Your antivirus isn't gonna fix that. The Meltdown flaw mostly affects Intel-powered machines like your desktop or MacBook, while the Spectre flaw affects processors from AMD and ARM. That means your smartphone is also likely affected by the processor flaw.

How to Protect Yourself From Meltdown

The Meltdown flaw, luckily, is already being patched by companies like Microsoft and Google. To ensure you're up to date, follow the instructions for your operating system.

Microsoft: Microsoft has already released an update for Windows 10 patching the vulnerability and is releasing patches for Windows 7 and Windows 8 soon. If you're having trouble installing the automatic security update, Microsoft suggests your anti-virus might be the culprit.

If so, turn off your anti-virus program and use Windows Defender or Microsoft Security Essentials (or edit your registry if you're confident you won't mess it up). If you're on Windows 10, chances are you've either automatically downloaded the update, or are scheduled to update on a set schedule.

Advanced users can check if they're affected by running Microsoft's verification test in your command line.

Apple: While Apple has yet to comment on the flaw, Alex Ionescu, Windows security expert, noted a fix was present in a new 10.13.3 update to macOS.

Browsers: Google Chrome, Mozilla's Firefox, and Microsoft Edge have all updated or scheduled updates to patch the security flaw. You can update Google Chrome to its latest, patched version on January 23, or download Firefox's latest update.

Android: Android users running the most recent version of the mobile operating system are protected, according to Google.

How to Protect Yourself From Spectre

While you can protect yourself from Meltdown, it's harder to defend against the more invasive Spectre flaw. According to researchers involved in discovering and reporting on the two exploits, software updates to patch particular flaws in Spectre are possible, though none are available yet, or are able to address the exploit completely without a redesign of the operating system and the microprocessor itself.

WATCH MORE: Tech News

Comments

    Android really needs to get their crap together in terms of security updates.

    All good and well if you have a nexus/pixel device, but most companies leave their phones in the dark for weeks/months when a security patch is available.

    Android should take pushing "core" security pathes into their own hands and let the companies sort out their own device specific security and feature updates.

    I have 4 android devices in my house that havent seen a single OTA update in over a year (phone,tablet,tv-box,TV), not too keen to jump up and buy about +5k worth of stuff simply because the companies abandoned the devices.

      For the most part, patching may not be necessary if the devices aren't going to have dodgy apps/websites loaded on them.
      But I suspect more of a driver is that not having to keep updating old kit keeps costs down.

      Last edited 05/01/18 2:27 pm

        Looks like since Android 8 (Oreo), they have introduced "project treble" which seperates the OS layer from the Hardware layer of android allowing for phones to recieve OS/security updates unbaised to what the phone is.

        www.androidauthority.com/project-treble-818225/amp/

Join the discussion!