As you’ve probably heard by now, practically every computer (and smartphone) made within the last 20 years has been rendered hackable. But what exactly are these major vulnerabilities that are leaving billions of devices open to attacks? And more importantly, how can you protect these devices and ultimately your information?
The two bugs that are throwing processors and programmers through a loop are known as Meltdown and Spectre. These 20-year-old flaws found in Intel processors were discovered by four different teams in recent months who then warned Intel of their defects. Meltdown can be described as a bug that "melts security boundaries which are normally enforced by the hardware." While Spectre, "breaks the isolation between different applications" allowing "an attacker to trick error-free programs, which follow best practices, into leaking their secrets" All of that to say both vulnerabilities leave your devices open to hackers to steal sensitive data (passwords, encryption keys, personal information) off your computer and smartphone.
Luckily, organizations affected, like Microsoft, Apple, Google and obviously Intel, wasted no time in beginning the process of creating patches for these exploits. Here are the latest updates:
Intel: Intel has said that 90 percent of processing chips released in the last five years will have fixes available by about Jan. 13. However, fixes for chips up to 10 years old will be released in the coming weeks.
Microsoft: Microsoft released patches for the Windows operating system and its Internet Explorer and Edge browsers, but warned that your antivirus software needs to be updated to support those patches.
***UPDATE: Unfortunately, Microsoft has since paused distributing its Meltdown and Spectre security updates for some older AMD machines after reports of computers not being able to turn on after updating.
Apple: Apple has released iOS 11.2.2 software for iPhones, iPads, and iPod Touch that patch the Spectre exposures. A macOS High Sierra 10.13.2 update was also released to strengthen Spectre defenses in Apple’s Safari browser and WebKit (the web browser engine used by Safari, Mail, and App Store)
Google: Google has released an extensive blog post to its users of Android, Chrome, and Chrome OS. It reveals some user action is required on the behalf of Chrome and Chrome OS users, while many others will have automatically updated. The latest version of Android already contains repairs needed. More modifications will be available in Chrome 64 which is set to be released around January 23.
In the meantime keep all your other software updated including web browsers. Also, run security software to make sure you don't have any malicious software on your computer right now. Finally, look out for phishing emails that can trick you into clicking on links and downloading malicious software hackers use to get inside your computer.