How to protect devices from Spectre and Meltdown chip flaws

Marcus Newton
January 7, 2018

The Meltdown flaw is less serious and can be patched by software that is already being released by numerous major computer operating systems.

If this wasn't enough proof that Apple devices are safe from the flaw, take a look at this tweet from software developer Alex Ionescu, who says his studies of macOS code show Apple introduced a fix for the CPU flaw in the release of macOS 10.13.2, and there are additional tweaks set to be introduced in macOS 10.13.3, which is now in beta testing.

Users of mid-range smartphones from brands such as Oppo and Vivo may not be at risk if they are using devices that run on the Cortex A53 processor, which is unaffected by the vulnerability, according to ARM. "Spectre tricks other applications into accessing arbitrary locations in their memory". Researchers say the other is harder to fix and "will haunt us for quite some time". The Redmond giant released yesterday an emergency update with kernel fixes to protect Windows users from the security flaw, highlighting that the security exploit is serious but hasn't been actually used for now.

"The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution".

"Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary", the 16-page research paper on Spectre stated.

More news: Norwich City hold Chelsea as Blues lack cutting edge
More news: DeWanda Wise Is Joining The Cast Of Captain Marvel
More news: Britney Spears So Long, Vegas ... Yellow Hawaii!!!

WE'RE NOT EVEN a week into 2018 and already the New Year has thrown a massive spanner in the works for anyone hoping to have a year free of a large-scale security threat.

Fixes: Released for Android, Google Cloud, and pending for Chrome. To turn it on, type chrome://flags/#enable-site-per-process into your Chrome browser bar and select the box next to "Strict site isolation". Edge updates are rolled into the Microsoft security patch released on Wednesday, while Firefox users can click on About Firefox in the Help menu to see their update status.

Microsoft had originally meant to include patches as part of its regularly scheduled Patch Tuesday update on January 9, but it released out-of-band patches on January 3, which are now available to users via the regular Windows Update mechanism. To be sure your computer is up to date, open the Start menu, click the gear icon to open Settings, and click on Windows Update. Amazon Web Services (AWS), the largest seller of cloud computing services, said in a statement it does not "expect meaningful performance impact for most customer workloads". Although Linux does have mitigations in place, Linux creator Linus Torvalds is among those who aren't entirely convinced that software will fix all the issues.

Legal experts believe that more lawsuits over the vulnerabilities will follow.

We haven't heard much from Microsoft yet about the flaw, but it's expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday this month, after seeding them to beta testers running fast-ring Windows Insider builds in November and December. "Fully removing the vulnerability requires replacing vulnerable CPU hardware".

Other reports by MaliBehiribAe

Discuss This Article

FOLLOW OUR NEWSPAPER