December 2017 was a relatively slow month in cybersecurity, but something is for sure in this industry: nothing stays the same for too long…
2018 started with the disclosure of two security vulnerabilities that affect some Intel and AMD processors called SPECTRE and MELTDOWN. I will spare you the technical mumbo jumbo but what I will tell you is that this is a very serious issue that – if exploited and so far, it hasn’t been – can compromise virtually any computer, tablet and smartphone in the planet. Yes, you read it right… Skynet is coming for us ☹
According to security expert Aryeh Goretsky, “reportedly the issue is that programs running in user-mode address space (the “normal” range of memory in which application software, games and the like run) on a computer can infer or “see ” some of the information stored in kernel-mode address space (the “protected” range of memory used to contain the operating system, its device drivers, and sensitive information such as passwords and cryptography certificates)”. Bruce Schneier adds “They affect computers where an untrusted browser window can execute code, phones that have multiple apps running at the same time, and cloud computing networks that run lots of different processes at once. Fixing them either requires a patch that results in a major performance hit, or is impossible and requires a re-architecture of conditional execution in future CPU chips”.
What do you need to do? Since this is not a Windows-only issue, at this point there is not much. Apple recommends only to install applications from trusted sources like the Apple Store; Microsoft has released patch updates (hence the need to keep your computer’s operating system always up to date) and Google is actively posting information on updates (their Project Zero unit was among the researchers who found the flaw). Also, keep your antivirus running and updated. Other vendors are working very hard on patches that will get deployed automatically in the upcoming days.