The devastating discovery about security flaws (namely Meltdown and Spectre) identified in various generations of Intel CPUs, probably all processors manufactured over the past decade, has taken the tech world by storm. Every day we get to learn about alarming new details, which reinforce the fact that the problem is bigger than we initially thought. Now, we have learned that apart from Windows, Linux, and macOS, the vulnerability in Intel CPUs also affects Amazon Cloud services, AMD and ARM too.
There is no doubt about the fact that the exploits are facilitated by the built-in flaws in CPUs design because of which other programs and codes can access the otherwise discreet and highly private kernel memory section of a processor. The flaw hasn’t been exploited in the wild as yet but chances are that cybercriminals won’t leave any stone unturned to benefit from it. This is what makes the immediate release of patches so much important for developers and OS vendors.
If you need to know how you can protect your PC and Smartphone from Meltdown and Spectre then this article would help you out. It must be noted that currently, it is not possible to fix Spectre flaw since the exploit is wide ranged and quite complicated. Not much is known about it as of now and without redesigning of processor and hardware updating, it is not possible to fix it. Therefore, only Meltdown exploit can be fixed. Let’s find out how to fix the issue for different platforms.
Updates for Windows 7, 8.1 and 10 OS have been released by Microsoft and can be installed easily after checking Windows Update feature. However, Microsoft states that a majority of antivirus software is incompatible with the new updates. The tech giant hasn’t disclosed the names of antivirus programs that are incompatible with the new security updates but security researcher Kevin Beaumont has shared a spreadsheet that lists the names of incompatible software. Check it out here.
Moreover, you need to be sure that the system you are trying to update has the latest BIOS update from PC manufacturers such as HP, Dell or Lenovo. You can find it out through your PC OEM website. A sample PowerShell has been released by Intel and Microsoft to assess if a user has installed the required firmware and Windows update to stay protected from the two malicious attacks.
We have come to know that Linux developers have been working for months to devise fixes for Meltdown, which is the sole reason behind the immediate availability of Linux patches for this attack. We suggest that you carefully read the advisories released by your distro vendor since various distributions have been providing these patches. It is also recommended to update your CPU firmware too.
For Ubuntu users, it is reported that kernels update will be released by Jan 9, 2018, and the following kernels will be updated:
Ubuntu 17.10 (Artful) — Linux 4.13 HWE Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE) Ubuntu 14.04 LTS (Trusty) — Linux 3.13 Ubuntu 12.04 ESM** (Precise) — Linux 3.2
To ensure protection for Macs and iPhones from Meltdown, Apple has also released patches that mitigate attack threat for iOS version 11.2, macOS version 10.13.2 and tvOS version 11.2. Immediately install these updates to be sure that your macOS and iPhone are secure from attacks. Please note that Apple Watch is not yet believed to be impacted by Meltdown and as far as Safari is concerned, Apple has stated that the company will be releasing a fix against Spectre. Furthermore, Apple said in a statement that it is planning to release more updates for ensuring security from Meltdown and Spectre in the next versions of iOS, macOS, and tvOS.
The flaw was originally discovered by Google and it is the only firm that has uploaded a very detailed advisory to address the issue. G Suite and Google Cloud users are protected from the threat. On the other hand, Android users on Google devices can expect a fix in January security patch release while non-Google device users need to wait a bit for the patches. The company already patched the flaw in Google Chrome OS version 63 released in December while for the Chrome 64 browser, the patch is expected to be released on January 23.
An update is available for Mozilla browser users and it provides protection from Spectre and Meltdown attacks. Moreover, Red Hat (1), VMware (2), Cisco (3), NVIDIA (4), Rackspace (5) and Digital Ocean (6) have also confirmed the issue and working on issuing patches.
Watch Meltdown’s demonstration: