Unfortunately, I bring news of some security vulnerabilities that have recently been exposed known as Meltdown & Spectre.
Does this affect me?
Yes, almost certainly, Desktops, Laptops & Smart Phones made in the past 15 years are all at risk.
What’s at Risk?
Anything that you enter into the computer, such as passwords, credit card details and other private information could be at risk if hackers are able to exploit these vulnerabilities. Currently there are no known cases of compromised systems in the wild, but information has just been publicly leaked this week. So moving forward, hackers will be working to reverse engineer the fixes to identify the source of the vulnerability. Whilst it’s less likely general consumers will be targeted, the risk is still there, and could be exploited.
What can I do about it?
The vulnerabilities can be mitigated by software updates, so ensure your operating systems & internet browsers are updated. It’s also worth checking your computer manufacturer websites for firmware updates. Security patches have already been released by Microsoft & Apple and there are likely to be more patches in the coming weeks/months. If you’re comfortable with updating and staying updated yourself, I have provided some additional information below that may be useful to you.
Need my Help?
If you’re not sure whether you’re updated, or you’d like me to manage your updates for you, you can sign up to my support contract here (For windows based devices) from as little as £5/month:
Meltdown is easier to exploit and is currently known to only affect Intel processors. There are Windows 7, 8.1 & 10 patches to mitigate against this (see below). If you’re using an Apple Mac, ensure you’re running El Capitan, Sierra or High Sierra.
You may notice a performance decrease from 5% up to 30% on your intel based device. If you’re considering buying a new device, then get it touch.
Almost all systems are affected by spectre, this is not so easily dealt with and as the name suggests, will ‘haunt’ us for some time.
You can read more about them here:
Please Update your Browsers to the latest versions:
- Firefox – Fixed in version 57.0.4
- Internet Explorer & Edge – Included in Windows Update (see below)
- Chrome – Fixed in Version 64 to be released on/around 23rd January. For temporary (experimental protection), you can turn on Site Isolation - https://support.google.com/chrome/answer/7623121?hl=en-GB
- Safari – Will release an update in “coming days” https://support.apple.com/en-us/HT208394
A security patch has been Implemented for macOS (MacBook, iMac, Mac) 10.13.2 devices running El Capitan, Sierra & High Sierra. Mitigations have been released in iOS (iPhone/iPad) & tvOS (Apple TV) version 11.2:
Apple watches are not affected by Meltdown but will issue future Spectre mitigations for watchOS.
If you're using a Chromebook, update to Chrome OS version 63 which was rolled out in December. Old chromebooks may not be eligible for the patch. In the short term, you can turn on site isolation, as above in the Chrome browser.
Google Home, Chromecast, WiFi, OnHub, Gmail, Apps and other consumer-facing services are unaffected.
Android have released their January Update to mitigate the effects of Spectre:
Updating your phone/tablet with this patch is often out of your control and you must wait for your manufacturer/network provider to issue the latest software update.
The following Windows Updates have been Issued by Microsoft, some may not be released until 09/01:
Windows 10 - 1709: KB4056892
Windows 10 - 1703: KB4056891
Windows 10 - 1607: KB4056890
*These updates will only be available if your antivirus software supports the update. If you’ve purchased Malwarebytes or Emsisoft from me, the update is supported. For currently supported virus checkers, review this list:
If a vendor is supported, but the registry key hasn’t been set, in theory this can be done manually, but I would consult your provider for more information before doing so.
Windows Vista & XP Systems are not supported, if you’re running one of these operating systems, I’d suggest purchasing a new system, contact me for more information.