Share

Updating software crucial to ward off Meltdown and Spectre

Johannesburg - Updating software is crucial to protect PCs and some smartphones against security vulnerabilities from Spectre and Meltdown, according to experts. 

Spectre and Meltdown are two security flaws unique to products form processor manufacturing company Intel. They affect processors by making them vulnerable to viruses that could steal data.

In early December Intel began distributing firmware updates to try and stop the vulnerabilities. (Firmware provides low-level control for a device's specific hardware.)

The group intends to provide further updates until the security vulnerability problem has been resolved - likely before the end of January.

Researchers at Google Project Zero exposed the flaws, showing how a hacker could exploit them to get passwords, encryption codes and other data. Up to that point there had, however, not been reports of any attacks using the vulnerability.

"Ensuring the security of our customers’ data is job one," Intel said in a statement on Tuesday.

"To help keep our customers’ data safe, we have been focused on the development and testing of the updates. We still have work to do to build a complete picture of the impact on data centre systems."

The company added that it has as yet not received any information indicating that these exploits have been used to obtain customer data. 

According to numerous computer manufacturers, Meltdown can affect a wide range of devices, if they run any but the most recent and patched versions of Windows, MacOS, Linux and iOS.

Intel explained that the Spectre vulnerability displays similar characteristics to Meltdown. Spectre forces operating systems to access random locations in the programme’s memory space, but does not rely on a specific feature of a single processor's memory management, as Meltdown does. 

Bruce Schneier, chief technology officer of IBM Resilient, said in his blog that Spectre and Meltdown could allow malicious apps on smartphones to steal data from other apps. 

Schneier said a malicious programme on a computer - for instance, one running in a browser window from a sketchy site being visited, or as a result of a phishing attack - can steal data elsewhere on a machine. 

“Cloud services, which often share machines among several customers, are especially vulnerable. This affects corporate applications running on cloud infrastructure, and end-user cloud applications like Google Drive. Someone can run a process in the cloud and steal data from every other user on the same hardware,” Schneier said in his blog post. 

Software update

Most software updates for all devices are done automatically when connected to Wi-Fi. Therefore, as a further precaution, security experts and numerous companies, advise to, in general, regularly check for software updates. 

According to Business Insider, patching up your PC against Meltdown and Spectre will involve updating Windows 10.

As a shortcut, this can be done by clicking on the search bar at the bottom left screen. Then type "Update" then click "Check for Updates” and then click "Check for updates" again in the the Windows Update pop-up menu.

Computers running antivirus software might require the antivirus manufacturer to release the update. 

Business Insider also recommended users update any software from their PC manufacturer. Check the computer manufacturer's website for this.

Apple said on its website that it had released updates for iOS, macOS High Sierra and Safari on Sierra and El Capitan to help defend against Spectre. It is available from the App Store. 

The Apple Watch is unaffected by both Meltdown and Spectre.

* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
19.01
-0.5%
Rand - Pound
24.01
-0.5%
Rand - Euro
20.52
-0.3%
Rand - Aus dollar
12.35
+0.0%
Rand - Yen
0.13
-0.6%
Platinum
900.15
+0.4%
Palladium
1,000.00
-0.2%
Gold
2,209.40
+0.7%
Silver
24.58
-0.3%
Brent Crude
86.09
-0.2%
Top 40
68,189
+0.8%
All Share
74,373
+0.6%
Resource 10
57,035
+2.5%
Industrial 25
103,662
+0.4%
Financial 15
16,492
-0.2%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders