Android, Antivirus, Apple, Chromebook, Enterprise, Internet Security, iPhone, Mobile, OS X

CPU Security Flaw (Meltdown and Spectre) – What you need to know

Processors (CPUs) provide the brainpower for all the computerized devices we use day to day, from PCs and smartphones down…

Processors (CPUs) provide the brainpower for all the computerized devices we use day to day, from PCs and smartphones down to mundane things such as ATMs. Therefore an exploit – or exploits – that affects virtually all of these devices at the same time is a shocking thing to hear about.

Unfortunately, early 2018 saw just such a thing happen with the news that a design flaw in nearly all modern processors had been found.
 

What are Meltdown and Spectre?

Meltdown and Spectre are the names given to the two newly discovered vulnerabilities that affect virtually every device with a processor in it.

They rely on retrieving small amounts of data that are made available outside of the processor temporarily. This happens due to a design in processors called “speculative execution”.

This is the process where a CPU essentially guesses what information it will need next to function quickly.

Spectre allows attackers to force the processor itself to start the speculative execution process. They then access the extra data to obtain sensitive information that should never be available.

Meltdown fundamentally breaks down the mechanism that stops applications from accessing system memory. By doing so it enables exploits to access arbitrary system memory to retrieve sensitive data.
 

Who discovered them?

Both exploits were independently discovered by multiple teams of researchers.

Meltdown

  • Jann Horn (Google Project Zero)
  • Werner Haas, Thomas Prescher (Cyberus Technology)
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz(Graz University of Technology)

Spectre

  • Jann Horn (Google Project Zero)
  • Paul Kocher in collaboration with Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61)

 

What systems are affected?

On a technical level, every Intel processor that implements out-of-order execution (speculative execution) is potentially affected. This includes almost all Intel processors dating back all the way to 1995!
A portion of AMD processors and ARM processors are also affected.

All desktop, laptop and cloud computing services may be affected by Meltdown.
 

Am I affected by Meltdown and Spectre?

Yes!

This may seem like a very blunt answer but due to the wide-reaching nature of the design flaw, you almost certainly have a device that will have been affected.
 

Does my antivirus protect me?

Antivirus programs could theoretically detect the use of these exploits, however, in practice it is very unlikely. It is possible that your antivirus could detect malware designed to exploit these vulnerabilities but not the actual vulnerabilities themselves.
 

How do I protect myself?

The Meltdown exploit is able to be fixed with a software patch as it relies on breaking the isolation between user apps and the operating system.

Computers fitted with a vulnerable processor and running unpatched operating systems will be open to exploit.

Fortunately, Operating system vendors have released relevant patches to protect their users. As long as you regularly update your operating system using built-in update tools, you should be fully protected from the Meltdown vulnerability.

As usual, it is best to operate safe web browsing habits and not install any potential malware on to your device that may potentially make use of these vulnerabilities.

Spectre has proven to be much harder to protect from as it is executed at the hardware level.

Initial advice so far is to follow the basic steps (similar to meltdown):

  • Update your operating system frequently
  • Install updates from your hardware manufacturer (firmware updates)
  • Turn on isolation mode in your web browser ( Chrome and Firefox ) – This prevents exploits in javascript from utilizing Spectre vulnerability.

 

What next?

The main thing for most people to do is to not panic. If you have followed the basic security steps and best practices above then you will almost certainly be safe.

It is important to note that some of the security patches that have been released may deliver a performance hit to your device. This is a widespread complaint and many of the operating system vendors recognize this as an issue.

They have stated that the performance hit should not be noticeable to the average user, however, hits to performance are “highly variable and depend on a number of factors”.

If you feel like your device performance has been significantly affected, do some research on whichever update you just installed. Other people may have suggestions and/or the vendor themselves may recognize a compatibility issue with certain device setups.
 

Conclusion

The shock release of these two huge vulnerabilities should be a wakeup call to the entire world.

It is increasingly important in this day and age to be ever vigilant about what information you store on your devices.

More importantly, users and companies should focus on preventative practices, such as being aware of potential malware that could expose devices to cybercriminals.
For more advice on what users should look out for in 2018, check our article – Internet security threats to look out for in 2018

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet Security

Kiambu CCTV captures 2 young men’s suspicious activity in apartment: “Who knows them?”

CCTV footage captured two young men attempting a daytime break-in in Ndumberi, sparking social media reactions amid rising insecurity and calls for vigilance…

CCTV footage captured two young men attempting a daytime break-in in Ndumberi, sparking social media reactions amid rising insecurity and calls for vigilance…
Read More

Continue Reading
Antivirus

Bitdefender Antivirus for Mac review: Excellent protection held back by frustrating flaws

Macworld At a GlanceExpert’s Rating Pros Excellent malware detection Fast scan performance Very low system impact Effective ransomware protection Generous 30-day free trial Cons InConsistent phishing protection Chat Protection needs improvement No scheduled scans Log export unavailable VPN requires separate subscription Our Verdict Bitdefender Antivirus for Mac remains one of the stronger security suites available

Macworld

At a GlanceExpert’s Rating

Pros

Excellent malware detection

Fast scan performance

Very low system impact

Effective ransomware protection

Generous 30-day free trial

Cons

InConsistent phishing protection

Chat Protection needs improvement

No scheduled scans

Log export unavailable

VPN requires separate subscription

Our Verdict
Bitdefender Antivirus for Mac remains one of the stronger security suites available for macOS…
Read More

Continue Reading
Apple

The Apple Watch Series 11 Drops to $238 During the Early Amazon Resale Prime Day Sale

Apple Watch prices have dropped for Amazon Prime Day. Starting today, most colors and styles start at $279 for the 42mm size and $309 for the 46mm size. That’s the lowest price I’ve ever seen by $20 and currently $120 cheaper than buying directly from the Apple Store. The Series 11 is Apple’s newest model.

Apple Watch prices have dropped for Amazon Prime Day. Starting today, most colors and styles start at $279 for the 42mm size and $309 for the 46mm size. That’s the lowest price I’ve ever seen by $20 and currently $120 cheaper than buying directly from the Apple Store. The Series 11 is Apple’s newest model. The Series 12 is expected to be announced sometime in September, but it will probably retail for $399 or more and come with minor incremental upgrades.

Apple Watch Series 11 Starting at $279 for Prime Day

Apple Watch Series 11 [GPS 42mm]

Apple Watch Series 11 [GPS 42mm]

$399.00 save 30%

$279.00 at Amazon

Apple Watch Series 11 [GPS 46mm]

Apple Watch Series 11 [GPS 46mm]

$429.00 save 28%

$309.00 at Amazon

The Apple Watch Series 11 is the best smartwatch for most iOS users. It’s stylish, boasts excellent build quality, and seamlessly integrates with your iPhone. It’s loaded with tons of practical health and fitness features, including activity tracking and heart rate monitoring. New to the Apple Watch 11th generation model specifically are (1) the Apple Intelligence powered “Workout Buddy” that motivates you during exercise, (2) hypertension notifications, and (3) a sleep score that measures the quality of your sleep. The biggest hardware updates include a brighter and more scratch resistant display and 33% longer battery life.

Can you use an Apple Watch with Android phones?

Although it’s technically possible to use an Apple Watch with an Android phone, we wouldn’t recommend it. Apple made it so that a lot of the functionality of the Apple Watch requires a smartphone with an iOS operating system. There are some workarounds to implement some of its features, but for the average person, the hassle is not worth it. If you’re absolutely intent on getting an Apple Watch, then getting an iPhone first would be the best option.

How to Follow IGN Deals Recommendations

The IGN Deals team has over 30 years of combined experience finding the best discounts and preorders available online. If you want the latest updates from our trusted team, here’s how to follow our coverage:

  • Sign up for our IGN Deals Newsletter
  • Set IGN as a preferred source in Google
  • Shop on our Amazon Storefront
  • Follow us on social media
    • IGN Finds on X
    • IGN Finds on Instagram
    • IGN Finds on

!–>!–>!–>!–>!–>!–>
Read More

Continue Reading
Apple

Desperate Housewives Alum Marcia Cross Shares Rare Selfie

Marcia Cross is giving desperate fans a rare apple. While the Desperate Housewives alum—who starred as Bree Van de Kamp on the hit ABC series—often keeps her social media focused on her career and activism, she shared a close look into her traveling style in a rare selfie. In a May 28 Instagram post, Marcia

Marcia Cross is giving desperate fans a rare apple. While the Desperate Housewives alum—who starred as Bree Van de Kamp on the hit ABC series—often keeps her social media focused on her career and activism, she shared a close look into her traveling style in a rare selfie. In a May 28 Instagram post, Marcia
Read More

Continue Reading