Every Modern Processor is Vulnerable to Meltdown and/or Spectre

This week, details have emerged on serious flaws in processors that allows hackers to steal sensitive data, including passwords and banking information. The vulnerabilities – dubbed Meltdown and Spectre – are known to affect Intel, ARM, AMD and other chips.

Meltdown is easier to exploit. This flaw in Intel chips allows a hacker to read information from applications’ memory at the kernel level.
Some tech companies have known about these vulnerabilities for months while working on fixes and mitigations.

Who is at risk of an attack?

Any device less than 20 years old.

Intel and AMD chips power nearly all personal computers and the computers used in data centers, including those that power online services and cloud computing services. ARM chips power many smartphones and embedded devices.

Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.

Look out for security updates!

Every PC, laptop and smartphone user needs to update multiple software on their device to protect against these vulnerabilities.

  • Look out for security updates from suppliers that run software on your devices, like Microsoft Windows, or Apple iOS. Here is a good resource with an updated list of patches.
  • Check with your open source operating system vendor or system manufacturer and apply any available updates as soon as they are available.
  • Some internet browsers may be affected. Mozilla said its internal experiments have confirmed it is possible to use techniques that are similar to Meltdown and Spectre on web content. Look out for updates for Google Chrome and Mozilla Firefox.
  • This is much scarier in the cloud, where the same server could be working for dozens of people at once. Service providers such as Amazon, Microsoft and Google are working to patch the servers used in their data centers. Users may experience down time.

How should my team protect against future vulnerabilities?

Follow good security practices. Protection against malware may help protect against possible exploitation until updates can be applied.

PATCH PATCH PATCH! Always keep your software updated. This applies not only to software you buy, but also to open source software your developers use to build code. Don’t let unmanaged Open Source be your weakest link.

Back up your data. Always have a secure copy of your data outside your facility, in case of a breach.

This will not be the last vulnerability. And like the ones in the recent past (WannaCry, Heartbleed come to mind), it will leave a long trail of unpatched, vulnerable systems in its wake. To stay secure, patch your systems as soon as updates are released.

In an industry where software is shared widely and is so interconnected, investing in software security and cooperating across the software industry should be the new mindset. Companies should no longer see security as an overhead or a competitive advantage. As the world comes to depend on these products, consumers should demand nothing less.