A set of security flaws being called Meltdown and Spectre that have been found in most modern devices could allow hackers to steal personal information from your computer, smartphone and tablet. Researchers at Google and other academic institutions discovered the problem last year but have only disclosed it earlier this month. After the news was released, tech companies scrambled to update their operating systems, web browsers and antivirus software to help guard against the attacks, but experts say the patches are unlikely to fully solve all the issues.
So, the two vulnerabilities are being called “Meltdown” and “Spectre”
Meltdown affects laptops, desktop computers and internet servers with Intel-based chips and could let hackers steal data, such as passwords saved in web browsers.
Spectre affects chips in smartphones and tablets, as well as computer chips from Intel, ARM Holdings and Advanced Micro Devices (AMD). Hackers can trick apps into leaking sensitive information.
Spectre is less dangerous than Meltdown but will be more difficult to fix. Researchers warned that Spectre is likely to haunt consumers for years.
Any device that use computer chips from Intel, AMD or ARM are at risk. This means almost every device out there. That includes the majority of Google’s Android phones and Windows PCs. All Mac systems and iOS devices are affected (iPhones, iPads, Apple TV). Web browsers, such as Mozilla Firefox, Safari and Google Chrome, are also at risk.
Microsoft, Apple and Linux — the three major operating systems on the planet — said they are all issuing updates. Apple said all Macs running the latest version of macOS, numbered 10.13.2, are safe. The same is true for all of their mobile devices running the latest iOS version 11.2 for iPhones and iPads.
Microsoft released an emergency Meltdown patch for Windows 10 on Jan. 4, which will also be applied to Windows 7 and 8 machines.
Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update. The release date for the update has not yet been set. Chrome web browser users are expected to receive a patch Jan. 23.
Intel said there are no known examples of hackers actually using these vulnerabilities to access information on consumers’ devices. But many security experts are saying that unless there is a permanent fix (such as replacing the chip), hackers may still find a way in.
It does looks like that. The ideal fix would be to replace all chips in these devices with new ones without the security issues. But obviously that is not feasible.
Security experts suggest making sure all of your digital devices have the latest’s updates since this is where the fixes will be applied.