The IT security world got off to a rough start in the new year with newly discovered CPU vulnerabilities. These flaws – dubbed Spectre and Meltdown – can potentially allow malicious entities to access sensitive data on mobile devices, laptops, desktop computers, and even the cloud, according to the Graz University of Technology (also known as TU Graz, home of one of the research teams that independently discovered Meltdown).
If all of the headlines about these serious cybersecurity flaws have got you worried and you’re still unsure about whether your data is in danger, here are answers to some of the questions you might have.
What are Meltdown and Spectre?
Meltdown and Spectre are flaws in the processors in computers and mobile devices that create the potential for malicious programs to access the memory of other programs and/or the operating system, according to TU Graz.
Meltdown provides a way to get through the boundary between user applications and the OS, which can allow malware to access the memory of the OS and other programs. It gets its name from its ability to “melt” security barriers.
Similarly, Spectre breaks through the barriers between different programs. That means attackers could exploit it to trick applications into spilling their “secrets,” such as passwords. It’s called Spectre because it’s related to speculative execution, an optimization technique used by computers. Additionally, it’s difficult to remedy, so it will probably “haunt” us for a while, according to TU Graz.
Do I need to worry about these vulnerabilities affecting me?
Unfortunately, almost everyone is affected by at least one of these two flaws. Because of how Intel processors handle speculative execution, basically all of them released from 1995 onward are impacted by Meltdown, according to PCWorld. The full list is available from the Intel Security Center. Some ARM processors are susceptible as well.
As for Spectre, processors from AMD, ARM, and Intel are vulnerable. Almost every system – including laptops, cloud servers, and smartphones – is at risk, TU Graz reports.
What do I need to do to fix Meltdown and/or Spectre and secure my data?
First of all, while these are significant vulnerabilities, there’s no need to panic. The sky isn’t falling: IT security testing service provider AV-TEST GmbH reported finding 139 code samples as of February 1 that seem to exploit the CPU vulnerabilities – but malware based on Spectre and Meltdown isn’t out in force just yet.
You should go ahead and address these vulnerabilities as part of your normal patching schedule. However, the patches from OS developers can cause significant performance problems (e.g., slowdowns and random restarts), according to Wired.
As a result, you might want to weigh the pros and cons of patching and how necessary it is depending on your devices at this point. A machine that isn’t exposed to the open Internet isn’t nearly as high risk, for example, as a cloud machine that has multiple people logging on regularly.
If you’d like more guidance on IT security and how to keep your data safe, feel free to contact our team of expert techs. They’re well-versed in a range of cybersecurity solutions and can help you take proactive steps to minimize your risk of a data breach. Contact us today by calling 877-599-3999 or emailing firstname.lastname@example.org.