The dawn of 2018 has come with a rude shock for PC users, with two hardware bugs named ‘Meltdown’ and ‘Spectre’ grabbing headlines this week, affecting a horde of desktop, mobile and even cloud users.
Experts have stated that the exploits are hard to detect as they do not leave traces of log files. Patches to fix Meltdown have been released by Intel, Microsoft, Google, and even Apple.
So, how do these bugs affect your system and what risk do they carry for users? Here’s a low-down on both the hardware bugs.
“Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer.” – as highlighted on Meltdown Attack.
Everything About Meltdown
The Meltdown bug basically melts security boundaries, which are normally enforced by the hardware.
According to researchers who discovered the bug, every Intel processor since 1995 has been affected by this.
Having said that, systems running ARM and AMD processors aren’t off the hook just yet, and early signs do not look promising at all.
According to Symantec, Meltdown exploiting cloud services is potentially the most worrying factor.
Cloud services affected by Meltdown can be exploited on a virtual machine in order to access memory from the host machine.Symantec
Apparently, this could let attackers buy space on a vulnerable cloud service and use it to stage an attack against other customers using the same host, leading to serious consequences for both the parties involved.
Everything About Spectre
The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.Meltdown Attack
Almost every system – desktops, laptops, cloud servers, as well as smartphones – are affected by Spectre, according to experts.
The bigger concern with Spectre is that it is a long-term problem, as researchers feel that the damage done to existing set of hardware is irreparable and only a full-blown redesigning of the chipset architecture can minimise its global impact.
Who's Fixing the Issue for Users?
Apple confirmed that it has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.
Software major Microsoft has already issued an emergency update to supported versions of Windows, which was part of a number of fixes that would protect against the processor bug in Intel as well as AMD and ARM CPUs.
Google has deployed a novel chip-level patch across its entire infrastructure, resulting in only minor decline in performance in most cases. Amazon is likely to fix the issue at its cloud server end in a few hours from now.
For smartphone users, now is a good time to switch from devices running on outdated Android version, which Google has explicitly said are not supported for security updates and patches, leaving them vulnerable to any possible attack from Spectre.
While no major incident has been reported over these two bugs, users are strictly advised to update their system with patches that are being rolled out, pronto!
How Can Users Protect Their PCs
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)