Meltdown and Spectre security bugs put all ‘modern’ computers at risk, but partial fixes are out
Just a few months after that scary KRACK (Key Reinstallation Attack) security flaw affecting Wi-Fi connections on essentially all major software platforms was revealed to the public following lengthy confidential research, an even worse computer vulnerability is now making a lot of terrifying headlines.
Technically, the world is dealing with two separate but similar glitches, nicknamed Meltdown and Spectre, which several independent researchers and security experts spent quite some time analyzing and trying to fully understand.
The good news is every tech titan under the sun also worked behind the scenes of late on patches and “mitigations” for these critical vulnerabilities, many of which are rolling out as we speak or getting ready to hit at-risk devices any day now.
The extremely bad news is pretty much every desktop, laptop, cloud server, smartphone and any other gadget powered by a “modern processor capable of keeping many instructions in flight” is “potentially vulnerable” and will stay that way for at least a bit longer. No, Intel chips aren’t the only ones exposed, with AMD and ARM architecture found to be just as unprotected.
Without going into too much detail, we should stress Spectre is both harder to exploit and harder to mitigate. Basically, there are no permanent, exhaustive fixes out for any OS, browser or processor ensuring a skilled and patient enough attacker can’t “trick error-free programs” into “leaking their secrets.” All anyone can do at the moment is prevent certain known exploits.
As far as Meltdown is concerned, everyone from Google to Apple, Microsoft and Mozilla has figured out foolproof ways to protect Androids, iPhones, Macs, Windows PCs and so on against unauthorized access to “the memory, and thus also the secrets, of other programs and the operating system.” Don’t hesitate to install the latest security updates therefore, as long as various device manufacturers grasp the gravity of the situation, speeding up their often sluggish software “optimization” process.