You might have heard about Meltdown and Spectre recently, and no, they aren't the latest in the James Bond movie series.
Unfortunately, these villainous-sounding entities are actually massive security flaws across a ton of processing chips, mostly from Intel. And because of the widespread nature of these vulnerabilities, almost everyone with a computer is affected.
If you haven't already heard about these security flaws, then here's what you need to know.
Not One Flaw, But Two
Three research teams independently discovered the Meltdown vulnerability, while two individuals discovered and reported Spectre. These are both extremely serious vulnerabilities, and could leak passwords and other sensitive data (like everything from your browser history to private email conversations, personal photos, instant messages, critical documents, and more).
These two bugs act differently, but both can result in devastating attacks. Meltdown allows the potential for malicious programs to gain access to parts of a computer's memory. Spectre, on the other hand, can be exploited to outright steal data from the memory of other applications running on a machine. Researchers initially found that Meltdown seemed to be limited to Intel processors. And while that seemed like good news for AMD and ARM owners, the same researchers verified Spectre attacks on those as well.
It's a Decades-Old Problem
These flaws aren't anything new, and that's the really scary part. They were introduced into Intel chips twenty years ago. Yet somehow it remained undiscovered until now. This means that odds are, if you have a computer, you could be affected.
Meltdown is a bug that affects Intel and Qualcomm processors, and one type of ARM chip. Intel released firmware patches for its processors, and has been working with manufacturers like Apple and HP to ensure they're distributed.
There are two known Spectre exploits so far. It might be impossible to defend against it entirely in the long term, unless you update your hardware. It affects processors from Intel, ARM, AMD, and Qualcomm. The browsers Chrome, Firefox, and Edge/Internet Explorer all have early patches to fight Spectre. Apple is still working on a fix, although it hopes to release it within a few days.
The Fixes Should Improve Over Time
Speaking of fixes, they've already been rolling out, but not without issues. While many of them work, the ones Windows developed for AMD resulted in some PCs being unable to boot. This prompted Windows to halt that process while it eliminated that issue, but it is releasing them again for select AMD processors.
Experts have already noted that these patches are being released at such speeds that it doesn't really allow for extensive testing. There could be further issues down the line, including other bugs and instabilities that will need to be addressed. Unfortunately, these patches might not even offer total protection.
This process won't be ending anytime soon. Concerns about security have already led to class-action lawsuits being filed against Intel in California, Indiana, and Oregon.
Since this is changing from day to day, and the solutions are piecemeal, the best thing you can do right now is stay up to date on the latest developments. Several pundits are saying that the current patches create more problems than they solve, so it might be best to wait for updates that are well reviewed. We recommend staying on top of the news through Wired if you need advice on how to protect yourself.
Readers, have you seen any fallout from this security crisis? How will you respond to the discovery of Meltdown and Spectre? Let us know in the comments below.