+44(0)1633 276003 [email protected]
Meltdown & Spectre cybersecurity vulnerabilities

Melt­down & Spectre

So, 2018 has star­ted with dis­clos­ure of two huge cyber­se­cur­ity vul­ner­ab­il­it­ies, called “Melt­down” and “Spectre”. These are not like most of the “exploits” that hack­ers use. They affect almost all mod­ern com­puters.

Sites like MeltdownAttack.com and Defiant.com (pre­vi­ously “Word­Fence”) have covered the tech details well. So, here’s a sim­pli­fied sum­mary of what non-tech­ies need to know.

Why You Should Care About Meltdown & Spectre

Most vul­ner­ab­il­it­ies affect soft­ware. Melt­down and Spectre affect CPUs — the core com­puter chips — mostly those built by Intel since 1995. So they don’t just affect PCs, or Win­dows, or Macs, or Linux. They affect com­puters, regard­less of what soft­ware or oper­at­ing sys­tems you use. In short — yes, this affects your computer(s) and phone(s). It even affects cloud com­puters.

So, what do they do?

Put simply, Melt­down lets pro­grams access parts of your com­puter that should be inac­cess­ible to them. That includes areas of memory that con­tain sens­it­ive inform­a­tion. Spectre lets pro­grams access oth­er pro­grams in ways that they shouldn’t. That could let a hack­er trick a well-writ­ten, nor­mally secure, pro­gram into shar­ing sens­it­ive inform­a­tion.

Not good, right?

What Can You Do About This?

First, under­stand that neither anti-mal­ware pro­grams (e.g. anti-vir­us sys­tems or fire­walls) nor well-pro­grammed soft­ware can help much dir­ectly. How­ever, keep­ing these up to date will lim­it the ways an attack could reach your machine.

Still, soft­ware patches can mit­ig­ate some of the effects of these exploits. Oper­at­ing Sys­tem vendors are releas­ing patches for Win­dows, Macs (OSX) and Linux through the usu­al chan­nels. These mostly affect Melt­down. Spectre is harder to exploit, but harder to fix. Soft­ware patches for that may be ongo­ing for some time.

In Conclusion

Keep your Oper­at­ing Sys­tem, soft­ware and anti-mal­ware pro­grams up to date. That will reduce the risk of attacks based on Melt­down or Spectre affect­ing you.

Still, the risk will remain on all sys­tems that use the affected chips. It’s early days yet, but if you pro­cess sens­it­ive inform­a­tion, you may need to switch to com­puters and phones that use less vul­ner­able chips. Check MeltdownAttack.com for more detailed inform­a­tion on this.