Meltdown and Spectre are the two major computer processor security bugs that affect almost every device that was made in the last 20 years. This massive security flaws was discovered to potentially have an impact for personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure by allowing processor exploits to steal your passwords and other sensitive data.
How does it work?
Digital devices such as our smartphones, has processors that allows our devices to “think” by performing a number of calculations per second. Meltdown and Spectre targets the way processors optimize and run certain actions known as “speculation execution”. This vulnerability allows them to see memories including personal information inside programs and services down to the core of the operating system.
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
How do I protect myself?
Luckily, some of the companies affected with the Meltdown flaw like Google, Microsoft, and Apple are already being patched. The recent update for Microsoft and Google is a security patch for the issue, if you are running a third-party anti-virus software, it’s possible that you won’t see the patch yet. Apple however, said that further updates are approaching and has released software updates to mitigate the Meltdown exploit for iOS, Macs, and as well as the Apple TV in December.
For Spectre, fixes may require hardware changes and could take a while before it could be resolved. Compared to Meltdown, it’s harder to protect yourself against the Spectre flaw. According to researchers involved in discovering and reporting on the two exploits, software updates to patch particular flaws in Spectre are possible, though none are available yet, or are able to address the exploit completely without a redesign of the operating system and the microprocessor itself.