Security Corner – A Quick Guide to Meltdown and Spectre Vulnerabilities

Security Corner – A Quick Guide to Meltdown and Spectre Vulnerabilities

Simply Clog Spectre and Meltdown Hack

Confused by the recent tech babble about “speculative execution vulnerabilities in ARM-based and Intel CPUs”? Here are the basic facts you should know as a user of Apple products.

What’s all the fuss about?

Researchers recently discovered two major security problems with the modern chips made by Intel, ARM and others. Since these chips are at the heart of most processors manufactured in the past twenty years, nearly all computing devices and operating systems are affected. Apple has confirmed this includes all Mac systems (iMac, MacBook), iOS devices (iPhone, iPad, iPod) and the Apple TV. The Apple Watch is unaffected by both Meltdown and Spectre.

What’s the problem?

Modern computers improve processing speed by employing shortcuts, known as “speculative execution.” Unfortunately, As it turns out these can be exploited to access data from the chip’s memory. Thus, a hacker could gain access to the passwords, encryption keys and other sensitive data stored on your personal devices. If you use a cloud or other online services, your data kept there is also vulnerable on their servers. The two security vulnerabilities have been dubbed “Meltdown” and “Spectre.” Spectre is considered the more worrisome flaw. Although it’s harder to exploit, it’s more challenging for manufacturers to solve with some experts believing a hardware redesign will be required. Spectre could also potentially affect more people as the chips involved are more widely-used.

Have I been hacked?

Apple has given assurances that no known exploits have yet affected its customers. Expert-level knowledge would be required to prepare and initiate an attack. However, now that these vulnerabilities are widely known, who can predict whether criminals or maybe “big brother“ will hasten their efforts before these loopholes are closed?

What can I do to protect my devices?

Simply Computing Hacker Spectre and Me Tech companies usually wait until they’ve solved a problem before announcing it, but this time the cat got out of the bag early. Although scrambling a bit, the industry is working hard to develop and disseminate security updates as soon as possible. For Meltdown, Apple already released mitigations for iOS, macOS and tvOS in December. For Spectre, there is a new Safari update for iOS and macOS as of January 8th. If you use one or more of these operating systems, you should immediately download and install the updates. Apple reports no measurable reduction in speed because of the security updates. Other experts, however, say devices older than 5 years may be slowed.

As of January 8, 2018, Apple is still working on Security Updates to mitigate the impact of Spectre. Apple will continue to develop and test further mitigations and will release them in upcoming updates of iOS, macOS, and tvOS. To avoid missing these, consider setting yourself a Google alert as the releases are sure to be reported in the news and discussed on technology websites. Again, download and install any updates immediately.

Since a malicious app is required to exploit both Meltdown and Spectre, Apple also recommends only downloading software from trusted sources, including the Apple App Store. Untrustworthy websites, especially those using JavaScript, should also be avoided.

For a more detailed explanation of these exploits, you can read the official Apple release on this issue here.

That’s it from the Simply Blog for now! Stay tuned for more security tips!

By Dan Daly.