Now that the two critical chip flaws affecting virtually every smartphone, tablet, and computer are publicly known, tech companies are racing to issue security patches to mitigate or at least minimize the impacts of the bugs.
The security issues, known as Meltdown and Spectre, are probably the worst bugs found in processors ever and they might fundamentally change how chips will be designed moving forward.
Google’s Project Zero wrote that there is no single fix for all variants and each requires a specific method of protection.
Fortunately, it is believed that the vulnerabilities have NOT been exploited as of yet and there is no evidence that hackers have abused or are actively abusing them. Technical details about the flaws are still scarce, buying hardware and software vendors some time.
Since Meltdown is easier to exploit, these updates are addressing this flaw first. Spectre exploits are more difficult to execute and it’s not as critical as Meltdown right now, but fixes are also being prepared to deal with them.
Note: Meltdown is known as Variant 3 of this type of attack, affecting mostly Intel chips. Spectre attacks are Variants 1 and 2 and these are said to impact AMD, ARM and Intel chips.
In the meantime, prepare for these inevitable updates that you must apply as soon as you can to protect yourself from the “chip-ocalypse.”
Microsoft will likely push its fixes in this month’s Patch Tuesday updates for supported Windows systems. Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.
On Windows 10, click Start (Windows logo), choose “Settings,” select “Update & Security,” then on the “Windows Update” section, click on “Advanced Options.” (Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.) Under “Advanced Options,” just make sure the drop down box is set to “Automatic.”
Apple has also confirmed that its products are also affected by the chip flaws. The company wrote in a post that it has already released mitigations for Meltdown in iOS 11.2, macOS 10.12.2, and tvOS 11.2. This means Macs, iPhones, iPads, and Apple TVs are all impacted by either Meltdown or Spectre variants so make sure you keep all your Apple gadgets up to date. Note: The Apple Watch is not affected by Meltdown.
Google and Android
Google stated that it already issued security patches for its Nexus and Pixel phones. Chromebooks also received patches later this week.
Although the software fixes are ready, rollouts for other Android phones from companies like Samsung and LG, for example, will depend on the carrier and the phone manufacturers themselves. Keep checking for the latest updates for your Android gadget and apply them as soon as you can.
To manually update your Android gadget, Go to Settings >> scroll down, click on ‘About Phone‘ or ‘About Tablet.‘ (If you have a tabbed settings menu then this will appear in the ‘general‘ section) >> click software update >> click install now, install overnight, or later.
Firefox 57.0.4 has security patches for both Meltdown and Spectre exploits by disabling a feature called SharedArrayBuffer. Firefox ordinarily updates itself when you open it by default. To manually update, visit mozilla.com/firefox for the latest version.
Google recommends turning on an optional feature in its Chrome browser called Site Isolation to protect against the chip flaws for now. Proper security patches will be included in Chrome 64, due out on January 23.
To turn on Chrome’s Site Isolation, paste this on your Chrome address bar: chrome://flags#enable-site-per-process, then click Enable on “Strict Site Isolation.”
For more information about Chrome’s Site Isolation, click here.
Apple is set to release an update in the next few days for Safari for Macs and iOS to mitigate the Meltdown and Spectre exploits. Apple claims that its Safari fixes have no significant impact on its speed.
Microsoft Edge and Internet Explorer 11
As mentioned earlier, Microsoft will likely push its security fixes with this month’s Patch Tuesday updates and this will include patches for Microsoft Edge and Internet Explorer 11.
And don’t forget – Always follow computer safety basics
Aside from keeping your gadgets updated with the latest software, following basic computer safety practices should protect you from these threats.
Since these flaws still require malicious code to execute on your computer or gadget, avoid clicking on unknown links and attachments on emails and refrain from installing software and apps from unofficial sources.
As bad as it looks, there’s actually no real reason to panic. Performance hit or not, the incoming patches should mitigate Meltdown’s flaw. Spectre, on the other hand, is difficult to execute so its widespread impact will be fairly limited.