The internet is like a bomb these days, everybody trembling about the 2 major vulnerabilities that were found in the CPU. But what, exactly, is going on — and what can you do to protect yourself?
First of all we should point out that major companies started to create patches for their devices and to make sure we get as little devices affected as possible, but that does not mean that we are out of the woods already. Let’s dive into this and explain it for everybody.
One of the reasons this latest threat is so complicated is because it’s actually multiple vulnerabilities that were unveiled at the same time. They’re similar in some ways, but differ in important others — a fact hinted at by their names.
According to researchers, Meltdown “basically melts security boundaries which are normally enforced by the hardware.” Spectre, meanwhile, “breaks the isolation between different applications” allowing “an attacker to trick error-free programs, which follow best practices, into leaking their secrets.”
And what does that actually mean? Essentially, either of these vulnerabilities could be theoretically exploited to steal sensitive data, like passwords, off your computer. Spectre is also a threat to your smartphone, so no escape there.
Furthermore, while Meltdown can be mostly mitigated with software patches, it is thought only certain exploitations of Spectre can be stopped in this manner. In other words, the latter is going to haunt us for some time and either could potentially require new processors for a complete fix (maybe).
Companies, if they haven’t already, are rushing to release the aforementioned “mitigations” against possible attacks that could exploit Meltdown or Spectre (a helpful patch list can be found on the Computer Emergency Response Team site). Why mitigations? Well, because the patches and updates mitigate the risk — but might not remove it completely.
What do I need to do?
Meltdown and Spectre are the real deal, and rightly have security professionals concerned. However, at this time there are plenty of things you can do to protect yourself that don’t involve buying a new computer.
Security researcher Matt Tait writes that, at least when it comes to Meltdown, typical computer users can mostly breathe easy. First and foremost, make sure your system is up to date. Download any and all patches for your operating system and browser of choice.
But, because more updates are coming down the pike, you’re not done. Be on the lookout for any and all future security releases and make sure to install them immediately. Don’t pull the classic “remind me later” bit.
And what about Spectre? This one is a little trickier.
“Spectre is harder to exploit than Meltdown, but it is also harder to mitigate,” explain the researchers behind the discovery. “However, it is possible to prevent specific known exploits based on Spectre through software patches.”
In other words, while nothing is perfect, much of the same advice applies as with Meltdown: update, update, update.
Which, well, has always been good advice.