Almost Everyone With a Computer Is Affected by These Security Flaws

And it's proving difficult to develop fixes to protect against them.
chip security

You might have heard about Meltdown and Spectre recently, and no, they aren't the latest in the James Bond movie series.

Unfortunately, these villainous-sounding entities are actually massive security flaws across a ton of processing chips, mostly from Intel. And because of the widespread nature of these vulnerabilities, almost everyone with a computer is affected.

If you haven't already heard about these security flaws, then here's what you need to know.

Not One Flaw, But Two

Three research teams independently discovered the Meltdown vulnerability, while two individuals discovered and reported Spectre. These are both extremely serious vulnerabilities, and could leak passwords and other sensitive data (like everything from your browser history to private email conversations, personal photos, instant messages, critical documents, and more).

SEE MORE: Vulnerabilities in Modern Computers Leak Passwords and Sensitive Data

These two bugs act differently, but both can result in devastating attacks. Meltdown allows the potential for malicious programs to gain access to parts of a computer's memory. Spectre, on the other hand, can be exploited to outright steal data from the memory of other applications running on a machine. Researchers initially found that Meltdown seemed to be limited to Intel processors. And while that seemed like good news for AMD and ARM owners, the same researchers verified Spectre attacks on those as well.

It's a Decades-Old Problem

These flaws aren't anything new, and that's the really scary part. They were introduced into Intel chips twenty years ago. Yet somehow it remained undiscovered until now. This means that odds are, if you have a computer, you could be affected.

Meltdown is a bug that affects Intel and Qualcomm processors, and one type of ARM chip. Intel released firmware patches for its processors, and has been working with manufacturers like Apple and HP to ensure they're distributed.

There are two known Spectre exploits so far. It might be impossible to defend against it entirely in the long term, unless you update your hardware. It affects processors from Intel, ARM, AMD, and Qualcomm. The browsers Chrome, Firefox, and Edge/Internet Explorer all have early patches to fight Spectre. Apple is still working on a fix, although it hopes to release it within a few days.

The Fixes Should Improve Over Time

Speaking of fixes, they've already been rolling out, but not without issues. While many of them work, the ones Windows developed for AMD resulted in some PCs being unable to boot. This prompted Windows to halt that process while it eliminated that issue, but it is releasing them again for select AMD processors.

Many of the patches cause more issues than they solve, so we expect more (and hopefully better) fixes in the future. We recommend staying on top of the latest developments through a site like Wired.

Experts have already noted that these patches are being released at such speeds that it doesn't really allow for extensive testing. There could be further issues down the line, including other bugs and instabilities that will need to be addressed. Unfortunately, these patches might not even offer total protection.

This process won't be ending anytime soon. Concerns about security have already led to class-action lawsuits being filed against Intel in California, Indiana, and Oregon.

Since this is changing from day to day, and the solutions are piecemeal, the best thing you can do right now is stay up to date on the latest developments. Several pundits are saying that the current patches create more problems than they solve, so it might be best to wait for updates that are well reviewed. We recommend staying on top of the news through Wired if you need advice on how to protect yourself.

Readers, have you seen any fallout from this security crisis? How will you respond to the discovery of Meltdown and Spectre? Let us know in the comments below.

Julie Ramhold
Senior Staff Writer/Consumer Analyst

Julie's work has been featured on CNBC, GoBankingRates, Kiplinger, Marketwatch, Money, The New York Times, Real Simple, US News, WaPo, WSJ, Yahoo!, and more. She's extolled the virtues of DealNews in interviews with Cheddar TV, GMA, various podcasts, and affiliates across the United States, plus one in Canada.
DealNews may be compensated by companies mentioned in this article. Please note that, although prices sometimes fluctuate or expire unexpectedly, all products and deals mentioned in this feature were available at the lowest total price we could find at the time of publication (unless otherwise specified).


Leave a comment!

or Register
I agree with jalx.

Cilvre, there is no way this is the only backdoor in consumer products. This one is in my opinion what /putsontinfoilhat they want you to focus on.


Honestly, in 20 years if no one has found out they were exploited through this method, do you really expect me to believe that people were being exploited this way? Not one single case in the last 20 years? Even when they found it recently it was just a "oh look at this a vulnerability" but no case of anyone being exploited, seems kind of suspicious. From reading, there are -no signs- that anyone used these to exploit anyone.
@jalx it's unknown if its been exploited, as it doesn't leave traces. It's potentially something governments have been using for some time even.
This flaw has been around for 20 years in the CPU chips we (consumers and enterprises) have all been using, and in all that time no hacker has been able to exploit it? Maybe this is simply an opportunity some smart people found for lawyers to make millions from class-action suits! LOL
Consider this source talking about google's fix for spectre and meltdown.