Update your software. For now, that's the best advice being dispensed in the wake of a new security threat that poses a risk to pretty much every modern tech device in existence, from laptops to smartphones. The security flaws known as Meltdown and Spectre are unique in that they are hardware bugs involving computer processors. "The ideal fix would be replacing all the chips in these devices with new ones that come without the hardware issues," writes Chris Smith of BGR. "That’s not feasible, however, so the next best thing is fixing everything via software updates." Details:
- The risk: It's pretty basic. "Both flaws provide hackers with a way of stealing data, including passwords and other sensitive information," explains the New York Times. "If hackers manage to get software running on one of these chips, they can grab data from other software running on the same machine." Cloud-computing services such as those offered by Amazon, Microsoft, Google, and IBM are vulnerable.
- The good news: There's no evidence that hackers have exploited the bugs yet, reports the AP.
- The basics: This primer hits the details. Of note: You probably wouldn't be immediately able to detect if you were affected, and an antivirus program may not be much help on that front.
- Intel: The chipmaker already has been hit by three class-action suits over the security issue, reports Gizmodo. Why? The Meltdown bug affects virtually every Intel chip made for years, and those chips are what power most PCs. A software patch can help, but there are concerns that the fix may slow down computers, notes Axios. (Those concerns may be overblown, per Errata Security.
- Spectre's paradox: Spectre is a potentially worse threat in that it affects chips not only from Intel but from rivals AMD and ARM. Worse, it may not be fixable because it involves "a fundamental flaw in the way processors have been built over the last decades,” says researcher Paul Kocher, per the Times. However, Spectre is also far more difficult for hackers to exploit.
- What companies are doing: BGR compiles responses and links to updates where applicable from the chipmakers and the likes of Google and Microsoft.
- Yes, Apple, too: It wasn't immediately clear whether the problem affected Apple, but the company has since confirmed that it does. Bottom line: "Update your iPhone and Mac now," per Tom's Guide. One exception: Apple watches aren't affected.
- Reiterating: "If you download the latest update from Microsoft, Apple, or Linux, then the problem is fixed for you and you don't have to worry," writes security researcher Rob Graham at Errata Security. "If you aren't up to date, then there's a lot of other nasties out there you should probably also be worrying about." One fallout: He predicts that this will force a redesign of CPUs and operating systems.
(Read more computer security