Update everything is the only way to mitigate Spectre and Meltdown vulnerabilities
Since the beginning of January 2018, Spectre and Meltdown related headlines are seen almost every day in the most sharable sites on the web. However, it seems that many people are still unaware of the current situation and what ramifications the Spectre and Meltdown vulnerabilities might have for both home and enterprise users.
Spectre and Meltdown – the most significant vulnerability for the last two decades
Spectre and Meltdown are the names that were given to a severe CPU flaw detected at the beginning of 2018. The danger and extent of this vulnerability are huge, so experts point out to it as the most significant flaw detected through a period of 20 years or more.
Spectre and Meltdown flaw detected in the processors developed by Intel, AMD, and ARM. The group of scholars who are all participants of the Google's Project Zero were first to spot the flaw and explained the processor developers left the “speculative execution,” which is a specific processor performance when central processing unit (CPU) predicts the actions of the device's user and starts executing them beforehand, unprotected.
The Spectre and Meltdown flaws then enable crooks to spread malicious programs and get access to kernel memory, which stores private information, including passwords, encryption keys, contacts, and what not. One of the latest Spectre attack variants, known as SgxSpectre, can even extort data from Intel's Software Guard Extensions (SGX) enclaves, which store the most sensitive information that can not be read by the operating system's components.
However, what makes this flaw exclusive is related to its extent. It's not yet clear how many machines are affected, but the numbers are counted in millions. That's not surprising taking into account the vulnerable chips have been developed since 1995. Thus, all devices, including PCs, web servers, and smartphones with Intel, AMD or ARM processors are exposed to a risk of cyber attack.
Meltdown and Spectre CPU flaw on iPhones as well: Apple confirmed
Apple did not say a word since the headlines of the Meltdown and Spectre vulnerabilities occurred. Eventually, the company broke its silence and confirmed the speculations that all iPhones are affected by infamous CPU flaw.
Although Apple does not expatiate on the situation triggered by Spectre and Meltdown, the company was quick to release a patch. Right after the official confirmation about vulnerable iPhones has been published, Apple's spokesperson urges iPhone users to download iOS 11.2 update to mitigate the vulnerability. Currently, iPhone and iPad users can download the iOS 11.2.2 update, which has slightly been improved.
Meltdown and Spectre are not yet used for attacks
Up until now, cybersecurity experts did not record any attacks by exploiting the Meltdown and Spectre CPU bugs. However, if crip manufacturers won't hurry to release a working patch, which could eventually be used on all affected devices, there's a high risk of massive identity thefts initiated via Meltdown and Spectre vulnerability exploits.
According to AV-Test Institute noticed a worrying statistics of the malware samples oriented to the exploitation of the Meltdown and Spectre CPU flaws. The company revealed 139 malware samples related to CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754, namely Meltdown and Spectre, vulnerabilities.
Luckily, these are only test attacks and does not seem to be successfully initiated. Nevertheless, each PC, smartphone or web browser user should be aware of the current situation and prepare the system for possible cyber attacks.
According to Intel, Spectre and Meltdown cannot expose personal data at risk of loss. In other words, the vulnerabilities cannot end up to files encrypted or deleted. However, it's a perfect medium to initiate identity thefts on a massive scale since all personal information can be leaked to remove control servers.
It's possible to mitigate the Meltdown and Spectre security flaws, at least partially
Since the Meltdown and Spectre CPU flaws are at the end of chip manufacturer's, there's hardly anything that home and enterprise device users can prevent the attacks. Thus, to patch these vulnerabilities ultimately, you'll have to wait for Microsoft and Apple, along with chip-makers, release a working, yet no damaging the system, patch. However, up until now, these tech giants are racing which one will be the first to release a patch, and that's the reason why none of the patched worked.
Nevertheless, each device user can take care of the system properly to make it the least vulnerable to the exploit. The keyword in fixing Meltdown and Spectre is UPDATE. All you have to do is to update – update everything.
- Switch to the latest operating system available. Although it's advisable to keep the system updated all the time, the risk of data being exposed to crooks due to Spectre and Meltdown should induce people who are still on Windows 7, 8, 8.1, XP or Vista to install Windows 10. According to Microsoft, the latter is the least vulnerable.
By the way, make sure that automatic update feature is enabled on your system. It will ensure automatic installation of each security update.
- Update CPU firmware. Updating firmware is equally important as updating the operating system. Intel and AMD have already released firmware updates for their processes, so we would highly recommend you to navigate to their official websites and download the latest firmware updates.
NOTE: after the installation of firmware updates, your device may run a little bit slower than before due to crucial architecture changes designed to immunize Meltdown and Spectre.
- Install the latest web browser's update. Spectre and Meltdown affect web browsers as well. Even though the most popular web browsers have an automatic update feature enabled by default. Nevertheless, experts recommend checking for the latest update manually.
- Update smartphones. All Google-branded phones should run the latest “protected” Google's updated version is 63, so make sure that it's already installed. In the meanwhile, Android users should navigate to the “System” and check for pending updates. Apple iPhone or iPad users should also install the security update iOS 11.2. or iOS 11.2.2. Check for it in the Settings -> General -> Software Update and download any pending update.
- Download cumulative and security updates regularly. Despite the fact that Windows updates sometimes cause some minor or major system's malfunctions, mind the current situation and install each piece of improvement not ot let your system unprotected. Regularly open Settings app, Update and Security section, and click Check for Updates. The same applies for Mac OS X.