Last week’s security announcements about vulnerabilities in modern chips have implications across every industry. These vulnerabilities, branded Meltdown and Spectre, represent fundamental problems with CPU architecture design. The combination of the two affects CPUs of all types of systems from mobile phones, tablets, laptops, desktops, servers, routers, firewalls, switches, wireless, printers, NAS, SAN, and IoT devices.
While these revelations raise further questions about the future of processor construction, we’ll focus today on what the vulnerabilities are and how to protect your businesses and devices.
Meltdown is applicable to virtually every Intel chip. Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, potentially malicious applications can access system memory, and read sensitive data such as passwords or PII, according to the researchers who discovered the flaws. Meltdown dupes other applications into accessing random locations in their memory. Meltdown mainly affects Windows, Mac, and Linux systems.
How to Protect yourself
The good news is Apple, Google and Microsoft have released updates to protect their systems from Meltdown. Updates for Spectre are expected the coming weeks from the same vendors along with Cisco, Qualcomm, D-Link, DellEMC, Red Hat, Canonical and many others.
Check with your vendors for their latest security patches for the fixes that will protect you and your data from this type of attack.
Microsoft has reported in an alert that neither patches will be installed so a long as a device is running an incompatible version of antivirus software, so also check your antivirus vendor for updates.