Updates and patches are being rolled out quickly to help computer owners and system managers thwart the new year’s first widespread cybersecurity risks: Meltdown and Spectre.
The "Meltdown flaw" is specific to INTEL-based CPUs while the "Spectre flaw" affects all CPUs, including INTEL, AMD & ARM. That means it affects smartphones and tablets in addition to PCs and servers.
Stu Sjouwerman at KnowBe4 offers a great explanation on what’s going on:
Computer researchers recently found out that the main chip - the CPU - in most modern computers has a hardware bug. The design flaw in the CPU's been there for years and it’s a big deal because it affects almost every computer on your network, including workstation and servers.
The bug allows malicious programs to steal data being processed in your computer memory. Normally, applications can’t do that because they’re isolated from each other and the operating system. However, this CPU bug breaks that isolation.
So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.
So, what should you do about this?
Businesses need to update and patch all machines on their network. That will take some time - some patches aren’t even available yet. You may also need to replace some mission-critical computers to fix this.
In the meantime, anyone using a computer needs to be extra vigilant, with security top of mind and Think Before You Click.
Meltdown & Spectre Vulnerabilities Data Page
Data collected and updated by the team that discovered the issue.
Apply security-related patches to computer sooner, not later
New technology creates challenges as well as opportunities
4 Steps to help keep your connected gadgets secure
NPR News Articles:
LISTEN: Cybersecurity Researchers Find Major Flaws in Widely Used Computer Chips
READ: Intel Acknowledges Chip-Level Security Vulnerability in Processors