The U.S. tech giant has confirmed that all its iPhones, iPads and Mac computers are affected by two recently disclosed processor flaws called Spectre and Meltdown. This leak could expose some of the most private and sensitive data of a user including personal pictures, videos and even passwords.
Daniel Gruss, one of the researchers at Graz University of Technology who discovered Meltdown, called it “probably one of the worst CPU bugs ever found” in an interview with Reuters.
But the main thing that users need to know is that the computer companies are now or soon will be issuing software updates or “patches”, which will minimise (but possibly not eliminate) potential problems.
As a user of the public cloud, am I more vulnerable to Spectre and Meltdown than others?
Here’s a look at what’s affected, what’s being done about it and whether you should worry.
Two new hardware-based exploits have been publicized: Meltdown and Spectre. “We are in the process of deploying mitigations to cloud services and released security updates on January 3 to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD”, the company said. While both issues can be mitigated, it may be impossible to fix them outright without fundamental changes in hardware architecture from manufacturers.
The company didn’t respond to inquiries about the timing of Krzanich’s divestments, but a spokeswoman told MarketWatch it was unrelated to the security flaws. The company, which has rejected doing a chip recall or other costly remedies, said it has quietly marshaled a coalition of software, hardware and cloud services to develop and deploy programming tweaks that are created to close most of the security gaps. Software groups like Apple and Microsoft had patches ready for Meltdown but not Spectre, which is less easily fixed but also harder to exploit.
While the researchers at Google who discovered the flaw say they have not yet seen any exploits in real life, they have been able to craft proof-of-concept software routines that trigger it. Sony, which has had its own security problems in recent years, hasn’t yet clarified whether PlayStations might be vulnerable, but it is now thought they are not at risk. Intel says it was notified about the bugs in June. The ARM design is also used in Apple’s mobile chips. “Don’t save anything on cloud systems that you wouldn’t want hacked”.
There are limits to what consumers can do now to protect their computers.
There aren’t any processors available at the moment that can replace the vulnerable ones and still provide the same kind of functionality.
That’s not to say nothing can be done.
· Make sure you update your ESET software, then update your Windows OS to protect against this exploit. Patches to address this flaw in Linux systems were released last month. Installing an ad blocker on your web browser is also a safeguard, according to security experts.
Google said its Android phones – which make up more than 80% of the global market – were protected if users had the latest security updates.
The major highlight of the new Firefox version for PC are basically the security fixes to tackle Spectre and Meltdown attacks.