The recently discovered Meltdown and Spectre processor security flaws are two of the worst security threats we’ve ever witnessed. If exploited, they’d let hackers use malicious apps to extract sensitive data from computers and mobile devices, and nobody is safe. The list of affected devices includes almost every gadget with an Intel, ARM or AMD chip inside: Smartphones, tablets, laptops, desktops, enterprise, and cloud servers regardless of the operating system they run.
The ideal fix would be replacing all the chips in these devices with new ones that come without the hardware issues. That’s not feasible, however, so the next best thing is fixing everything via software updates.
The good news is that there haven’t been observed any cases of malware that takes advantage of the Meltdown and Spectre vulnerabilities. But that doesn’t mean you’re entirely safe. You can already take measures to protect yourself though, and we’ll tell you everything you need to do.
Fixes will come from a wide range of sources, including chipmakers themselves as well as the companies whose operating systems run on devices powered by Intel, ARM, and AMD chips. Other software vendors that may be impacted by the flaws are also taking active measures to prevent them. Here’s what everyone is working on.
Chipmakers
Intel
Intel, whose chips power most Linux, Mac, and Windows computers out there, has been rather silent on the fixes that are in the works. But rest assured the company is working with its partners on the patches. It can’t afford not to deal with these problems.
ARM
ARM, on the other hand, detailed in a blog post everything it knows about the vulnerabilities Google and others have discovered.
AMD
AMD seemed reluctant to admit its chips can be affected by the issue, but the company addressed the matter in a blog post that explains that Spectre will be addressed via software updates from device makers.
Software and OS providers
Anti-virus software
Why are anti-virus software companies important? Well, it looks like some of their products will be affected by the incoming Windows patch, and Microsoft requires all of them to update their products so they don’t cause boot issues. More information available in this Microsoft support document.
Apple
Apple acknowledged in a note to customers that all its macOS and iOS devices are affected (Apple Watch not included), not just older models as was believed earlier this week. Apple released mitigations in iOS 11.2, macOS 10.13.2 and tvOS 11.2 to defend against Meltdown. A Safari update in the coming days should fight Spectre attacks.
As one of the entities responsible for discovering the Meltdown and Spectre flaws, Google released a detailed explanation that includes fixes for Android, Google Apps, Google Chrome, Chrome OS, and the Google Cloud Platform.
In some cases, no action is needed. If you have the latest security update on Android, if you’re a Google Apps user, or if you use any other Google products including Home, Chromecast, Wifi, and OnHub, you should be OK. Chrome and Chrome OS users will need to update their products — read more about it in the mitigation section at this link.
Linux
The Linux kernel already received updates to fix the issues, and you can download them at this link.
Mozilla
Mozilla is fighting Spectre by taking steps against malicious web apps that could try to take advantage of the flaws when users visit websites. You need to update Firefox to version 57 or later — here’s all the info.
Microsoft
Microsoft is obviously one of the companies that os most affected by the issue, given the massive number of Windows users out there. Yes, there are more Android users around the world, but getting malware on a computer is still much more common. And these flaws can be only exploited through malware.
Microsoft addressed the issues in a blog post. Windows 10 computers will be patched on January 9th, as well as other systems. However, Windows XP isn’t included since it’s no longer supported.
Windows users should know that a small number of anti-virus programs may interfere with the patches that are about to roll out. These issues are serious as they may prevent the computer from booting. Before you update, you should give this Microsoft support document a read to make sure your system isn’t affected.
VMWare
As a provider of virtualization software, VMWare also issued an update on its site that explains how customers can protect against the vulnerabilities.
The cloud
Amazon
Amazon operates one of the most important cloud services out there, but the company said that most of its systems have already been protected. The remaining units should be fixed soon. Amazon’s documentation on the matter is available at this link. The company still advises users to patch their systems, even if cloud are fixed.
Citrix
Citrix posted an update on its site that explains which products may be affected and what steps to take if that’s the case.
In its security update, Google explained that all its cloud products are protected against Meltdown and Spectre. But there are some cloud products including Compute Engine, Kubernetes Engine, Cloud Dataflow, and Cloud Dataproc that will require user action. Google provided links to fixes for each of these cloud products
Microsoft
Microsoft also operates a major cloud business, but Microsoft Azure customers are already protected, the company said in an advisory. Some users may have to reboot their machines, but their Azure cloud instances should be safe
You
That’s right: YOU play a major role in all of this. Not all of these software fixes will be released at the same time. Make sure you stay on top of new developments and update your devices as soon as relevant patches are rolled out.
In the meantime, stay away from apps from shady sources and don’t click on links from people you don’t know. It’s likely that some hackers are working on malware that could take advantage of these particular flaws.
To that end, double-check your sensitive accounts for unauthorized access until someone can tell us that the Meltdown and Spectre vulnerabilities have been fixed for good. On that note, let’s remember these are software fixes, and if hackers find a way around them, they’d still be able to take advantage of the hardware flaws.
Ultimately, upgrading your devices will be the only true fix.