Protect your machine from Meltdown and Spectre

By lensesview |
Meltdown and Spectre malware caused havoc among many users
Views: 163
Read Time:3 Minute, 11 Seconds

 

The information technology security woke up to year 2018 with the discovery of Meltdown and Spectre. Meltdown and Spectre is a vulnerability that was discovered in the PC Intel and Qualcomm powered processors and Spectre on billions of devices running on ARM, AMD and Qualcomm processors.

 

In the wake of the festive holidays the potentially industry-shaking flaw in these chips was discovered by three researchers from Austria. Moritz Lipp, Daniel Gruss, and Michael Schwarz  researchers from Graz’s University of Technology reported the flaw to Intel though a week later Intel informed the trio that actually they where the fourth to report the issue within the space of a month.

 

What is Meltdown and Spectre

Meltdown and Spectre have shown a terrific vulnerability that has shaken the industry. This pair of vulnerabilities broke basic security for practically all computers.

 

Meltdown is a flaw that could allow an attacker to read kernel memory – the protected core of an operating system. Meltdown affects Intel and Qualcomm processors and a type of ARM chip.

 

Spectre on the other end affect processors from Intel, ARM, AMD, and Qualcomm and is far more difficult to patch. What’s devastating is that Spectre affects the CPU directly. Spectre, would let attackers trick the processor into starting the speculative execution process.

 

‘Speculative execution is what make computer processes run faster. A chip will essentially guess what information the computer needs to perform its next function. As the chip guesses, that sensitive information is momentarily easier to access.’ 

 

In both Meltdown and Spectre attackers could see data that the processor temporarily makes available outside of the chip. Meltdown flaw makes use of the Operating System to sniff out the data and thats why its been easier to patch than Spectre that trick the processor into starting the speculative execution optmisation. Source CNET

 

How to Protect Your Machine

Updates have started to roll out but 

‘It’s hard to tell who is the right person to resolve this and how soon can it be resolved.’ ARCHIE AGARWAL, THREATMODELER

Intel has started to work out some firmware patches and are now interacting with vendors like HP and Apple to see how to distribute the updates. Apple released three updates that make changes to iOS, macOS and Safari Itself. 

Safari 11.0.2 update is meant for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 and it includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). iOS 11.2.2 is meant for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

 

On the Windows side patches are already out for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux. Though reportedly some AMD PC owners say the Windows 10 Update makes their machine crash and fail to boot.

As the tech companies and manufacturers roll out updates it will be wiser to take note and update appropriately. Check your browser version chrome, safari, firefox and so on and ensure they are up to date. If you are running vendor hardware for network and firewall see what your vendor guidance is.

 

In Zambia most vendor hardware is Cisco, Sophos UTM, HP and Linksys. See here for Cisco advisory and here for Sophos

 

Though no known attack through use of Meltdown and Spectre has been announced the flaw was spotted last year 2017. 

 

But the issue and design flaw has existed perhaps for more than 20 years and that’s two decades of billions of devices affected. Now that the flaw has been announced publicly hackers will take advantage of the flaw. And for sure they will succeed because not all of us are keen to update our systems.

Share
Tweet
Pin
0 Shares

More Posts That May Interest You:

Servers crucial to business apps and environmentA month of heightened security alerts Threat posed by malwareHow to protect yourself from WannaCrypto Windows Update sometimes creates BSoDWindows Update If You Installed Update MS14-045 Remove It Immediately New Apple technology macOS High SierraNew macOS High Sierra features worthy upgrading Default ThumbnailSoftware Archives Which macOS version is the latest?What is the latest Apple macOS version in use, list of macOS Windows Update sometimes creates BSoDMicrosoft Reissued Update MS14-045 With New Problems How to install macOSHow to install PowerShell on macOS iOS update 10.3.3Apple release update iOS 10.3.3 addressing serious wifi issue ZTE Android PhoneThe First Phone That Introduced Me To Android OS Default ThumbnailThese Facts Simply May Get You To vary Your How Much Do Indian Tribes Make From. Clear browser cacheWhy everybody is talking about Carbon X1 First update rolled out iOS11.0.1Apple roll out first update to iOS 11.0 barely a week after release how to clear browser cache on devices used for browsing internet3 Things You Can Do When You Are Bored Default ThumbnailComputer Assistance From The Specialists Newest OS from Microsoft is Windows 11Microsoft Windows 11. What is in it? Android tablet deviceHow To Protect Your Android Based Device from Malware Clear browser cacheHow to clear browser cache in Internet Explorer, Edge, Firefox, Safari, and Chrome Opening Messenger on mobile phoneApple Introduces macOS Mojave announced at WWDC18 – Whats New? 2019 GoldBrute Distribution In Zambia 12019 GoldBrute Distribution In Zambia
Posted in Security and tagged , , ,

This site uses Akismet to reduce spam. Learn how your comment data is processed.