New Year started with three massive security flaws in Intel, AMD, ARM and other processors. Apple confirmed the security flaw yesterday night however Microsoft issued a security patch for all supported versions of Windows, including Windows 7, Windows 8.1 and Windows 10, but also added that users should also install firmware updates when they become available. Google addressed the flaw in Android OS in January 2018 update, although only Google-managed devices have it now. Patches for macOS, iOS and Linux may not yet be fully available.
How the Attacks Work
You may have heard about @Intel's horrific #Meltdown bug. But have you watched it in action? When your computer asks you to apply updates this month, don't click "not now." (via https://t.co/J84n79LRIA & @misc0110) pic.twitter.com/cWEiZWZdcJ
— Edward Snowden (@Snowden) January 4, 2018
A Google blog posting explained that the flaws made it possible so that “an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.”
“Meltdown breaks the most fundamental isolation between user applications and the operating system,” the Meltdown and Spectre websites explained. “This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”
“If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information.”
Meltdown was named as such because it “basically melts security boundaries which are normally enforced by the hardware.”
If you are Windows 7, 8.1 or 10 user, you should apply the Windows security update released today.
“Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities,” a Microsoft support document posted online said. “In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.”
Apple users should install future updates by clicking the Apple icon, selecting App Store, clicking Updates, and clicking Update next to any items from Apple.
Linux machines will also require patches, and it appears that something may be almost ready.
For Android users, the January 2018 Android security patch fixes the flaw, though only a small percentage of Android devices will receive it for now.