Meltdown and Spectre are bugs that have been found in all CPUs manufactured by Intel, AMD and ARM. This means that they affect nearly every operating computing system in existence – PCs, laptops, smartphones, tablets, and more.
Both bugs allow for sensitive information – including banking details, passwords and cryptographic keys – to be stolen by hackers. Spectre specifically allows systems to be tricked into giving up sensitive info to hackers. Researchers have called these two the “worst ever” bugs in the history of computing.
However, at this time there is no evidence that the flaws have been exploited. But now that the information is in the open, it is expected thay hackers will have a go at it.
The bugs were discovered in 2017 by Google researchers and all parties involved were notified in June. Since then, different parties have worked behind the scenes to patch their systems.
Apple and Microsoft are reported to have released patches for desktop computers affected by Meltdown, while a patch is also available for Linux. Google has acted too.
Apple has confirmed that they are acting to protect users of their products. A blog statement by the company says;
All Mac systems and iOS devices are affected [by Meltdown], but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a confirmed app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown.
Patches are on the way for Spectre. Other vendors continue to release patches as they work to protect systems around the world.
What You Can Do About Meltdown And Spectre
Google says that Android smartphones and tablets running the latest security updates released this January 2018 are already protected, and that users of Chromebooks have to install updates to fix the issues.
At the moment, not many Android smartphones are running on current software. Only a small percentage of existing devices run Android 8 Oreo. If history is to go by, many of them never will. These devices remain vulnerable to Meltdown and Spectre.
In other words, moat Android users are sitting ducks. This is one time you would like to own a Nexus, Pixel, Nokia or BlackBerry smartphone. Those brands get Android security updates in the most timely manner.
If your smartphone is not in one of those classes, you are largely on your own. One thing you can do is be careful where you download uoir apps from.
Devices running iOS 11.2 are already protected against Meltdown. If your iDevice is running older software, an update is strongly recommended. An iOS fix for Spectre is on the way.