Spectre and Meltdown: What You Need to Know

Spectre and Meltdown: What You Need to Know

Spectre and Meltdown: What You Need to Know

No Comments on Spectre and Meltdown: What You Need to Know

If you’re panicking because of the news yesterday of the critical design flaws in your computer’s CPU, you can relax. Most IT professionals have been hearing about this for months now and the release on the news comes after most platforms have already created operating system patches.

Intel is releasing patches for their CPUs manufactured in the last 5 years that should be available in a few days, Apple patched their Operating System with iOS 11.2 and Mac OS 10.13.2, which have been available for some time now. Microsoft has introduced their fixes in the January 2018 patch release which you should get if your computer is set to automatically download updates, otherwise you should manually update your operating system. Apple has stated that they’re not aware of any “in-the-wild” malware actually utilizing the CPU design flaws.

So what are these vulnerabilities and how do they work?

Meltdown allows user applications to snoop on private information from other programs running in memory. Meltdown exploits a caching optimization issue where the processor reads memory in advance of an anticipated operation, but if the prediction is wrong, the data that has been proactively stored in the cache is now available to applications that request it before it’s been cleared. The issue is the speed and timing of the requests that allows the memory to be read before it’s deleted. Most Intel processors designed since 1995 are vulnerable until Intel issues a patch for their most recent processors in the next couple days.

Spectre is a side-channel software exploit that forces an application to access it’s sensitive data to be exploited using the meltdown. While Spectre forces the applications to access passwords and private information, the exploit would theoretically access the cache to steal the information. It’s important to know that software is already being updated to mitigate this attack by altering system clocks to introduce a minor delay so the Meltdown exploit used by Spectre is not possible.

Firefox and Chrome have already introduced patches to address Spectre by slowing down requests to fixing the timing issue with the CPU caching. Apple says that the next update for Safari will include a similar patch.

Our recommendations are to continue using standard security practices for avoiding malware and viruses. Do not open mail or attachments from unknown individuals, do not click suspicious links on websites and stay away from advertising links online since you cannot tell who they are really from. Even trusted websites can be the source of malware, so limit your online behavior to only what is necessary.

For additional protection you can install browser plugins like Ad Block Plus and No Script. These limit the attack surface while browsing the internet and will alert you to any unusual attempts to load unnecessary javascript and tracking.

For the best protection use a separate computer for browsing and email that doesn’t contain your most important information. It’s not uncommon in professional environments to have a computer with internet access separate from the workstation that connects to company servers and databases. You should consider this level of isolation if you handle private health or banking information for customers.

Please contact us if you’d like help updating your computers and operating systems to be protected. Most computers will be updating themselves this month, but we’re here to help if you are concerned.

About the author:

Justin Soenke is a trend-based serial entrepreneur and thought leader in the areas of cyber-security, web design, SEO, social media, eCommerce and managed IT. Justin has overseen the creation and success of over a dozen companies in the technology, security and media sectors, and is the contributing source for his SB Design Blog, SB Tech Blog and SB SEO Blog among regular contributions to many outside blogs and websites, all for our clients.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow & like us :)

Subscribe to Emails

Our Address

Mailing Address
Phase 3 Enterprises, Inc.
PO Box 369
Santa Barbara, CA 93116

Call Us Today!

Contact our team of professionals — your single point of service for all your IT, Web design and SEO needs.

Phone Support Hours
Mon - Fri: 8am to 5pm
tel 805.964.3235
fax 805.715.8107