Android, Antivirus, Apple, Chromebook, Enterprise, Internet Security, iPhone, Mobile, OS X

CPU Security Flaw (Meltdown and Spectre) – What you need to know

Processors (CPUs) provide the brainpower for all the computerized devices we use day to day, from PCs and smartphones down…

Processors (CPUs) provide the brainpower for all the computerized devices we use day to day, from PCs and smartphones down to mundane things such as ATMs. Therefore an exploit – or exploits – that affects virtually all of these devices at the same time is a shocking thing to hear about.

Unfortunately, early 2018 saw just such a thing happen with the news that a design flaw in nearly all modern processors had been found.
 

What are Meltdown and Spectre?

Meltdown and Spectre are the names given to the two newly discovered vulnerabilities that affect virtually every device with a processor in it.

They rely on retrieving small amounts of data that are made available outside of the processor temporarily. This happens due to a design in processors called “speculative execution”.

This is the process where a CPU essentially guesses what information it will need next to function quickly.

Spectre allows attackers to force the processor itself to start the speculative execution process. They then access the extra data to obtain sensitive information that should never be available.

Meltdown fundamentally breaks down the mechanism that stops applications from accessing system memory. By doing so it enables exploits to access arbitrary system memory to retrieve sensitive data.
 

Who discovered them?

Both exploits were independently discovered by multiple teams of researchers.

Meltdown

  • Jann Horn (Google Project Zero)
  • Werner Haas, Thomas Prescher (Cyberus Technology)
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz(Graz University of Technology)

Spectre

  • Jann Horn (Google Project Zero)
  • Paul Kocher in collaboration with Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)

 

What systems are affected?

On a technical level, every Intel processor that implements out-of-order execution (speculative execution) is potentially affected. This includes almost all Intel processors dating back all the way to 1995!
A portion of AMD processors and ARM processors are also affected.

All desktop, laptop and cloud computing services may be affected by Meltdown.
 

Am I affected by Meltdown and Spectre?

Yes!

This may seem like a very blunt answer but due to the wide-reaching nature of the design flaw, you almost certainly have a device that will have been affected.
 

Does my antivirus protect me?

Antivirus programs could theoretically detect the use of these exploits, however, in practice it is very unlikely. It is possible that your antivirus could detect malware designed to exploit these vulnerabilities but not the actual vulnerabilities themselves.
 

How do I protect myself?

The Meltdown exploit is able to be fixed with a software patch as it relies on breaking the isolation between user apps and the operating system.

Computers fitted with a vulnerable processor and running unpatched operating systems will be open to exploit.

Fortunately, Operating system vendors have released relevant patches to protect their users. As long as you regularly update your operating system using built-in update tools, you should be fully protected from the Meltdown vulnerability.

As usual, it is best to operate safe web browsing habits and not install any potential malware on to your device that may potentially make use of these vulnerabilities.

Spectre has proven to be much harder to protect from as it is executed at the hardware level.

Initial advice so far is to follow the basic steps (similar to meltdown):

  • Update your operating system frequently
  • Install updates from your hardware manufacturer (firmware updates)
  • Turn on isolation mode in your web browser ( Chrome and Firefox ) – This prevents exploits in javascript from utilizing Spectre vulnerability.

 

What next?

The main thing for most people to do is to not panic. If you have followed the basic security steps and best practices above then you will almost certainly be safe.

It is important to note that some of the security patches that have been released may deliver a performance hit to your device. This is a widespread complaint and many of the operating system vendors recognize this as an issue.

They have stated that the performance hit should not be noticeable to the average user, however, hits to performance are “highly variable and depend on a number of factors”.

If you feel like your device performance has been significantly affected, do some research on whichever update you just installed. Other people may have suggestions and/or the vendor themselves may recognize a compatibility issue with certain device setups.
 

Conclusion

The shock release of these two huge vulnerabilities should be a wakeup call to the entire world.

It is increasingly important in this day and age to be ever vigilant about what information you store on your devices.

More importantly, users and companies should focus on preventative practices, such as being aware of potential malware that could expose devices to cybercriminals.
For more advice on what users should look out for in 2018, check our article – Internet security threats to look out for in 2018

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Apple

South Africans can now buy Apple, Alphabet shares as digital tokens on Luno

From early August, Luno, a cryptocurrency and digital investment platform, will allow its users in South Africa to invest in tokenised stocks and exchange-traded funds (ETFs), making global equities like Apple and Alphabet accessible for as little as R20 ($1.13). The move positions Luno as a multi-asset investment platform and marks what it says is

From early August, Luno, a cryptocurrency and digital investment platform, will allow its users in South Africa to invest in tokenised stocks and exchange-traded funds (ETFs), making global equities like Apple and Alphabet accessible for as little as R20 ($1.13). The move positions Luno as a multi-asset investment platform and marks what it says is a first-of-its-kind offering in South Africa’s fast-evolving financial landscape.

Tokenised stocks are digital representations of real shares, backed 1:1 by actual securities. By enabling access via rands, Luno is removing longstanding barriers such as currency conversion costs, high fees, and trading-hour restrictions for retail investors in emerging markets.

“Until now, access to global financial markets has been locked behind red tape and legacy systems,” said Christo de Wit, Luno’s country manager for South Africa. “With tokenised stocks, we are offering South African investors easy access to global investments any time of the day or night.”

The platform will support over 60 U.S. companies and market indices, including Apple, Alphabet, NVIDIA, and the S&P 500. These tokenised products are made available through partnerships with infrastructure providers like Kraken’s xStocks and Backed Finance, which Luno says will ensure regulatory compliance, secure custody, and alignment with global financial standards.

How Luno tokenised stocks work

Customers can start investing with as little as R20 ($1.13), even in companies like Apple and Google. Instead of paying nearly R4,000 ($226) for a full Apple share, they can buy just a piece. These tokens are digital versions of real stocks, and customers trade them through blockchain. 

“This represents a fundamental shift in how we think about investing,” explained de Wit. “We are not just digitising old processes, we are reimagining what is possible when you combine improved technology with investor needs.”

Launched in 2013, Luno has grown to become one of Africa’s leading crypto exchanges, but now it’s adding tokenised stocks and ETFs. South Africa remains one of the continent’s most active crypto markets. Over 5 million South Africans are estimated to own crypto, with digital asset ownership expected to grow by nearly 8% annually through 2031.

Luno competes with platforms like VALR, Binance, AltcoinTrader, and wealthtech apps like EasyEquities and Satrix that focus mainly on traditional stocks and ETFs. 

Still, the expansion into tokenised equities could bring Luno under closer scrutiny. As digital tokens backed by real-world financial instruments, these offerings may fall within capital market regulations, including investor protection and transparency requirements. South Africa’s Financial Sector Conduct Authority (FSCA) is already in the process of licencing crypto asset providers and building a clearer framework for digital securities.

Mark your calendars! Moonshot by TechCabal is back in Lagos on October 15–16! Join Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% off—don’t snooze! moonshot.techcabal.com

Sakhile Dube Associate Reporter

Get the best African tech newsletters in your inbox

Read More

Continue Reading
Antivirus

Don’t fall for McAfee’s tricky antivirus warnings on your laptop

I review a lot of laptops and I’ve noticed many of them come with a “free trial” of McAfee antivirus preinstalled. I’ve clicked through so many warnings about how my PC will be “at risk” unless I pay up for extended protection, and those McAfee alerts are in a stark red color that’s surely designed

I review a lot of laptops and I’ve noticed many of them come with a “free trial” of McAfee antivirus preinstalled. I’ve clicked through so many warnings about how my PC will be “at risk” unless I pay up for extended protection, and those McAfee alerts are in a stark red color that’s surely designed to scare me…
Read More

Continue Reading
Antivirus

This antivirus actually respects your Mac

Macworld Mac users, we get it—you don’t like bloated, ugly antivirus software slowing down your beautifully tuned machines. But you also don’t want to be the one person who ignores modern cyber threats just because “Macs don’t get viruses.” Spoiler: they can and they do. If you’re looking for a lightweight…

Macworld

Mac users, we get it—you don’t like bloated, ugly antivirus software slowing down your beautifully tuned machines. But you also don’t want to be the one person who ignores modern cyber threats just because “Macs don’t get viruses.” Spoiler: they can and they do.

If you’re looking for a lightweight…
Read More

Continue Reading
Antivirus

I tested the best antivirus software for Windows: Here’s what I’d use to protect my PC

ZDNET tested the best antivirus software on the market that supports multiple operating systems, VPNS, and robust protection…

ZDNET tested the best antivirus software on the market that supports multiple operating systems, VPNS, and robust protection…
Read More

Continue Reading