There’s a new security threat in town and this time it’s unlike anything we’ve seen before. Usually, it’s a software exploit. Annoying, yes, but fixable with a simple software update. But this new exploit works on a hardware level. And it functions because of a feature of the system, not because of a bug. What exactly do Spectre and Meltdown do? How can you protect yourself from them? Read on to find out.
What is Spectre and Meltdown?
Spectre and Meltdown are James Bond-ish names for two hardware level vulnerabilities with Intel CPUs. They’re not software based and they’re a result of a feature in modern processors, not a bug. They exploit something called Speculative Execution. In the most basic sense, the reason our processors are so fast is that they’re constantly predicting what’s going to happen next so as to minimize lag and delays.
But not all predictions are right or useful. Some of them are trashed. All that Spectre and Meltdown does is pushes your CPU into this Speculative Execution mode and records the output. This information could be anything – including your private or personal details.
Read more: Meltdown and Spectre Vulnerabilities FAQ: All Your Questions Answered
How to Protect iPhone, iPad
Now for some good news. According to Apple “there are no known exploits impacting customers at this time.” Apple has released new software updates for all three platforms to help “mitigate” the Meltdown issue. Update your iPhone and iPad to iOS 11.2 to stay safe. On your iPhone or iPad, go to Settings -> General -> Software Update to get started.
How to Protect Mac
On the Mac side, Apple patched the Meltdown vulnerability in macOS High Sierra 11.13.2.
According to Apple, Spectre only works via Javascript running on a web page (and not just by any installed app on your Mac). So all you have to do to safeguard from Spectre is to update to the latest version of Safari where Apple has patched the vulnerability that Spectre exploited.
Apple has patched the latest version of Safari 11.0.2 for macOS High Sierra, Sierra, and El Capitan. So even if you’re running El Cap, just update to the latest version of Safari and you should be fine. Go to the Updates tab in the App Store app to get started.
How to Protect Apple TV
To safeguard your Apple TV from these exploits, update to the latest tvOS 10.2 version from Settings -> System -> Software Updates -> Update Software.
How to Protect Your Apple Watch
If there’s any consolation in this world, both exploits don’t affect your Apple Watch.
How Do You Fix a Hardware Bug?
Apple is promising that these patches won’t slow down your phones and Macs. These prompt software updates are a good sign but these exploits won’t really be solved until the hardware itself is replaced. Apple has patched the known ways that Speculative Execution was able to access kernel memory. But that doesn’t mean that other exploits don’t exist. The PC industry as a whole has a new challenge. What comes after Speculative Execution?
What do you think of these new exploits? Share with us in the comments below.