- Reddit Relationships: Man laughs at girlfriend for using Microsoft PowerPoint during sex Thursday 8:59 PM
- The 15 Brad Pitt movies you need to see now, ranked Thursday 8:26 PM
- Facebook could face legal action over the Area 51 event Thursday 6:50 PM
- How to stream Texans vs. Chargers in NFL Week 3 action Thursday 6:40 PM
- Tekashi 69 alleges Cardi B was a Bloods gang member Thursday 5:55 PM
- Right-wing sites falsely claimed group of Somalis attacked man in viral video Thursday 5:00 PM
- Big creators risk losing checkmarks amid YouTube verification purge Thursday 4:56 PM
- How to stream Eagles vs. Lions in NFL Week 3 action Thursday 4:52 PM
- How to stream Steelers vs. 49ers in NFL Week 3 action Thursday 4:10 PM
- How to stream Bills vs. Bengals in NFL Week 3 action Thursday 4:03 PM
- Colt halts production of AR-15s for civilians Thursday 3:45 PM
- If you love long-winded, hashtag-heavy Instagram captions, these apps can help Thursday 2:54 PM
- Teen girls on TikTok have convinced the internet that they eat their tampons Thursday 2:33 PM
- Twitch streamer faces criticism for trying to defend racist jokes Thursday 2:03 PM
- How to stream Raiders vs. Vikings in Week 3 Thursday 12:55 PM
Security bugs and malware are commonplace in our connected world. With microchips in our mobile devices, wearables, computers, and even our home appliances, it seems something is always at risk of being attacked.
The latest scares, dubbed Meltdown and Spectre, are different, however. These vulnerabilities affect all x86 Intel CPUs shipped in the last 23 years. Reports also suggest that ARM and AMD processors are at risk, too. It doesn’t matter what operating system (OS) you’re running, and it’s not just your desktop—your smartphone is vulnerable too, as is data stored in the cloud on remote servers.
Meltdown and Spectre “exploit critical vulnerabilities in modern processors,” according to the official webpage on the matter, and give programs the ability to steal data being processed by your computer. Luckily, most OS makers were already made aware of the flaw and have patches available or in the works. Here’s where we currently stand, and what you need to do.
What to do to protect yourself against Meltdown and Spectre
On Wednesday, Microsoft issued a rare emergency Windows update to address the bug in Intel, ARM, and AMD chips. If you’re running Windows 10, it should have automatically downloaded and installed itself at 5pm ET. If you’re running an older system, Windows 7 or 8, the update is also available, but you may want to install it manually. The patch won’t automatically download until Tuesday next week.
In a statement to the Verge, Microsoft said that the company has “not received any information to indicate that these vulnerabilities had been used to attack our customers.”
If you’re running the latest version of macOS, you’re partially in the clear. If not, it’s time to start updating.
In macOS 10.13.2, Apple has eliminated “most, if not all” of the security concerns presented by the KPTI bug in Intel chips, according to AppleInsider. The next update, currently in development, should provide additional protections. To offer more protection against Spectre, Apple plans to release an update for Safari on macOS (and iOS, as well) “in the coming days.”
Over the past few months, some Linux patches have been released that address the issues presented by Meltdown and Spectre, but developers are working on directly addressing the Intel flaw in an upcoming kernel update. Those with Linux servers can follow the instructions here to update their systems.
Chrome and web browsers
Chromebook owners running Chrome OS 63, released Dec. 15, are protected against the flaw. The Chrome web browser also has an experimental opt-in tool called site isolation, which you can enable to help guard against Spectre hacks. Otherwise, a new patched version of Chrome is coming out Jan. 23. Other web browsers, such as Edge, Firefox, and Internet Explorer, already have patches in place in their respective latest versions.
If you’re on an Android device and you’ve downloaded the most recent security update (issued monthly), congratulations—you’re in the clear. Your device is already patched against the threats of Meltdown and Spectre. If you’re not sure, you can head to your phone’s settings, then About Phone, and scroll to “Android version” and “Android security patch level” to check what version you’re running. You can then head to System, then System Update to download the latest update if you haven’t done so already.
In its security blog, Google details what devices are safe from the vulnerability and what products may need action on your part to ensure your data is protected. On top of that, Google researchers have ascertained that “exploitation has been shown to be difficult and limited on the majority of Android devices.”
Apple has confirmed in a support document that iOS and macOS devices are both vulnerable to Meltdown and Spectre, but its implemented security guards in recent updates against Meltdown-based attacks. Additional mitigation techniques against Spectre will come in a release in the next few days. The Apple Watch isn’t affected by the bugs.
Microsoft is planning scheduled maintenance for Azure on Jan. 10, and Amazon is planning a major security update to its AWS system in February. In a statement, Amazon said that most of its virtual machines are already protected. Don’t be surprised if you see downtime or slower performance in the coming days as these companies and others continue to update their systems against this critical security flaw.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.