On the 2nd January 2018, the global manufacturers of computer processor chips released details of fundamental design flaws affecting chips made in the last two decades, which make them vulnerable to hardware-based exploits. The Meltdown and Spectre flaws are found in many modern computer processing units, or microchips – made by Intel and ARM, and together the firms supply almost the entire global computer market. This affects all operating systems and hardware, including phones and tablets.
Although there is no evidence that either vulnerability has been exploited yet, it is strongly advised to only download software from a trusted source to avoid “malicious” apps from being installed. Device manufacturers are working with Intel, ARM and AMD to fix these flaws.
As this is breaking news and new revelations are still emerging, we will update this post as any new fixes for Meltdown and Spectre are found.
What are Meltdown and Spectre?
In simple terms, both exploits use somewhat similar core concepts. All modern processors use various features and techniques, including out-of-order execution (OOOE), branch prediction and speculative execution to improve performance. The problem is that all of these have the potential to execute malicious code which can cause changes to the cache state and then cache attacks can be used to try and read data from RAM out of the cache, therefore gaining access to otherwise secure data such as passwords, credit card numbers or bank details.
How to protect against the Meltdown and Spectre CPU security flaws
Microsoft has already released a security update on Wednesday 3rd January for Windows 10, as well as previous versions of Windows. Windows 10 should download the update automatically.
Microsoft has also already released fixes for many of its services.
Apple said it had already released “mitigations” against Meltdown in its latest iPhones and iPad operating system update – iOS 11.2 and the macOS 10.13.2 for its MacBooks and iMacs.
At M247 we have created a specialised team to proactively access risk across our estate and respond to vendor patches to ensure that all our systems are protected. We have already ensured that all our IT Systems are up-to-date with the latest recommended patches.
Our team have also ensured that the M247 anti-virus definitions are up-to-date and will apply the latest definitions as they are released to address the current threat and ensure all endpoints are up-to-date.
We would like to reassure all our customers that have data residing on the M247 platform that our specialised team are monitoring the situation closely and will respond to vendor patches to ensure we are taking the appropriate action to protect our customers.
To help make sure all your systems are safe, please follow our tips below
- ONLY install software from trusted sources.
- ALWAYS use anti-virus software and ensure you have the latest updates installed.
- Make sure ALL your operating systems have the latest patches installed.
- Install any firmware updates from your device manufacturer. Firmware updates should be available on your device manufacturer’s website.
- Be wary of visiting unsafe of unreliable sites.
- NEVER click on a link that you do not trust on a web page or access to Facebook or messaging applications.