Pagoda Blog


Meltdown & Spectre: The Two Security Flaws That Impact Everyone

January 15, 2018

Researchers have discovered two hardware flaws in the most protected part of a device’s operating system. The first flaw was found in Intel’s chips which drive more than 80% of the world’s PCs. The second flaw affects just about every other chip--smartphones, laptops, your smartwatch, and other IoT devices.

 

Named Meltdown and Spectre, these flaws have actually been around for years, but tech researchers only discovered them in the last few months. The flaws affect a foundational part of our devices’ operating system called the kernel. The kernel is the core architecture that keeps your information safely encrypted when exchanged between programs. It does this by isolating your applications from each other and from the operating system. It turns out what was supposed to be the one ‘un-hackable’ part of your operating system can indeed be exploited.

 

 

Here’s how it works:

 

 

The Meltdown flaw makes it possible for any program to read the entire physical memory of a device that uses an Intel chip. Spectre goes further and actually breaks the isolation between apps and impacts almost every system since 1995, not just Intel chips.

 

 

Malicious software could take advantage of the Spectre vulnerability and use it to access information stored in Cloud computing services such as a password manager, document storage like Dropbox, and widely used services like Google’s G Suite and Microsoft’s Office 365. This is especially concerning for companies that use these services to store sensitive data and that have multiple users on the same network.  

 

Related post: Why You Need a BYOD Policy and How to Create It

 

The good news is that Spectre is harder to exploit than Meltdown, but it’s also harder to fix. While Intel has released a security patch to address the Meltdown flaw and is working on additional patches, there is no known quick fix for Spectre. To fully address the flaw will take years and requires redesigning processors.

 

How to keep your data safe

 

Before you panic and experience a physical meltdown, try not to jump to conclusions. While Meltdown and Spectre are said to affect pretty much everyone, that doesn’t mean that you’ve been hacked. What it does mean is that your processor most likely has these flaws making it vulnerable to malicious software that could take advantage of Meltdown and Spectre. 

 

This is why it’s more important than ever to update your operating system and keep your software up to date, including your web browser, apps, and antivirus software.

 

It's important to note here that if you're a current Pagoda client we manage all of these updates for you and your business. This includes the application of the latest security patches. If you're not a current Pagoda client, we recommend that you install the latest updates asap (see instructions below) or get in touch for expert IT assistance.  

 

How to install an update

 

Don’t wait to install updates. Putting off this important maintenance task could put your system at risk. In May of 2017, ransomware called WannaCry infected hundreds of thousands of computers across 150 countries. WannaCry was successful even though prior to the attack Microsoft released an update with a security patch to protect against the ransomware. The security patch widely failed because so many users didn’t update their operating systems.

 

Here are step-by-step instructions to update your operating system as soon as you’ve finished this article:

 

  1. For a Mac System
  • Open the App Store app and check the Updates tab for the latest software.
  1. For a Windows System
  • Click the Start button and click through ‘Settings, Update & security, Windows Update and Check for updates.
  1. For Google Chrome
  • Click on the three dots in the upper-right corner and click Update Google Chrome (if you don’t see this option, you’re already using the latest version).
  1. For Firefox
  • On the menu bar click the Firefox menu and select About Firefox.
  • The About Firefox window will open. Firefox will begin checking for updates and downloading them automatically.
  • When the updates are ready to be installed, click Restart to update Firefox.
  1. For Safari

 

For more information about Meltdown and Spectre check out these resources:

 

How to Explain Meltdown and Spectre to Your C-Level Employees

Meltdown and Spectre: Vulnerabilities in modern computers leak passwords and sensitive data

What You Need to Do Because of Flaws in Computer Chips

 

 

Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and learn how to protect and grow your business with monthly IT tips from our experts. Subscribe today.

 

Need ongoing IT support for your business? Contact us for a free consultation. We’d love to work with you!

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.

 




Return to Pagoda Blog Main Page