+44(0)1633 276003 [email protected]
Meltdown & Spectre cybersecurity vulnerabilities

Meltdown & Spectre

So, 2018 has started with dis­closure of two huge cyber­se­curity vul­ner­ab­il­ities, called “Meltdown” and “Spectre”. These are not like most of the “exploits” that hackers use. They affect almost all modern computers.

Sites like MeltdownAttack.com and Defiant.com (pre­vi­ously “WordFence”) have covered the tech details well. So, here’s a sim­plified summary of what non-techies need to know.

Why You Should Care About Meltdown & Spectre

Most vul­ner­ab­il­ities affect software. Meltdown and Spectre affect CPUs — the core com­puter chips — mostly those built by Intel since 1995. So they don’t just affect PCs, or Windows, or Macs, or Linux. They affect com­puters, regardless of what software or oper­ating systems you use. In short — yes, this affects your computer(s) and phone(s). It even affects cloud computers.

So, what do they do?

Put simply, Meltdown lets pro­grams access parts of your com­puter that should be inac­cessible to them. That includes areas of memory that contain sens­itive inform­ation. Spectre lets pro­grams access other pro­grams in ways that they shouldn’t. That could let a hacker trick a well-written, nor­mally secure, program into sharing sens­itive information.

Not good, right?

What Can You Do About This?

First, under­stand that neither anti-malware pro­grams (e.g. anti-virus systems or fire­walls) nor well-pro­grammed software can help much dir­ectly. However, keeping these up to date will limit the ways an attack could reach your machine.

Still, software patches can mit­igate some of the effects of these exploits. Operating System vendors are releasing patches for Windows, Macs (OSX) and Linux through the usual channels. These mostly affect Meltdown. Spectre is harder to exploit, but harder to fix. Software patches for that may be ongoing for some time.

In Conclusion

Keep your Operating System, software and anti-malware pro­grams up to date. That will reduce the risk of attacks based on Meltdown or Spectre affecting you.

Still, the risk will remain on all systems that use the affected chips. It’s early days yet, but if you process sens­itive inform­ation, you may need to switch to com­puters and phones that use less vul­nerable chips. Check MeltdownAttack.com for more detailed inform­ation on this.