Updating software crucial to ward off Meltdown and Spectre

2018-01-10 14:36 - Kyle Venktess
Post a comment 0


Johannesburg - Updating software is crucial to protect PCs and some smartphones against security vulnerabilities from Spectre and Meltdown, according to experts. 

Spectre and Meltdown are two security flaws unique to products form processor manufacturing company Intel. They affect processors by making them vulnerable to viruses that could steal data.

In early December Intel began distributing firmware updates to try and stop the vulnerabilities. (Firmware provides low-level control for a device's specific hardware.)

The group intends to provide further updates until the security vulnerability problem has been resolved - likely before the end of January.

Researchers at Google Project Zero exposed the flaws, showing how a hacker could exploit them to get passwords, encryption codes and other data. Up to that point there had, however, not been reports of any attacks using the vulnerability.

"Ensuring the security of our customers’ data is job one," Intel said in a statement on Tuesday.

"To help keep our customers’ data safe, we have been focused on the development and testing of the updates. We still have work to do to build a complete picture of the impact on data centre systems."

The company added that it has as yet not received any information indicating that these exploits have been used to obtain customer data. 

According to numerous computer manufacturers, Meltdown can affect a wide range of devices, if they run any but the most recent and patched versions of Windows, MacOS, Linux and iOS.

Intel explained that the Spectre vulnerability displays similar characteristics to Meltdown. Spectre forces operating systems to access random locations in the programme’s memory space, but does not rely on a specific feature of a single processor's memory management, as Meltdown does. 

Bruce Schneier, chief technology officer of IBM Resilient, said in his blog that Spectre and Meltdown could allow malicious apps on smartphones to steal data from other apps. 

Schneier said a malicious programme on a computer - for instance, one running in a browser window from a sketchy site being visited, or as a result of a phishing attack - can steal data elsewhere on a machine. 

“Cloud services, which often share machines among several customers, are especially vulnerable. This affects corporate applications running on cloud infrastructure, and end-user cloud applications like Google Drive. Someone can run a process in the cloud and steal data from every other user on the same hardware,” Schneier said in his blog post. 

Software update

Most software updates for all devices are done automatically when connected to Wi-Fi. Therefore, as a further precaution, security experts and numerous companies, advise to, in general, regularly check for software updates. 

According to Business Insider, patching up your PC against Meltdown and Spectre will involve updating Windows 10.

As a shortcut, this can be done by clicking on the search bar at the bottom left screen. Then type "Update" then click "Check for Updates” and then click "Check for updates" again in the the Windows Update pop-up menu.

Computers running antivirus software might require the antivirus manufacturer to release the update. 

Business Insider also recommended users update any software from their PC manufacturer. Check the computer manufacturer's website for this.

Apple said on its website that it had released updates for iOS, macOS High Sierra and Safari on Sierra and El Capitan to help defend against Spectre. It is available from the App Store. 

The Apple Watch is unaffected by both Meltdown and Spectre.

* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER

Read more about: intel  |  apple  |  spectre  |  windows