At the end of last week, researchers announced two major industry-wide security flaws in processing chips that affect billions of devices. If successfully exploited, they may allow hackers access to sensitive information. The flaws, named "Spectre and Meltdown", are significant for two reasons. First, anyone using a computer, smartphone or cloud service may be affected. Second, the flaws were detected in the hardware, the actual chip, as opposed to software, which makes them difficult to fix. While at first it was unclear whether Apple devices were at risk, the company confirmed that iPhones, iPads and Mac computers may be affected.
But how can these flaws even work? The key lies in the composition of the processor. Over the years, processing chips have been developed to be better and faster on a rapid scale. Some of you might still remember when it used to take some time to load a program on your computer - now it doesn't even take a second. In order to process faster, newer chips utilize a temporary storage that pre-loads the data needed to execute programs and switches between two modes - the operating system and the software programs mode. This is the key to "Meltdown" - the separation of the two modes was thought to provide data security. Due to the intersection between the two areas, attackers could now cross these limits and compromise sensitive data. "Spectre" on the other hand focuses on exploiting data between multiple software programs in use by having programs "spy" on each other.
At this point, it is unsure if either flaw has been exploited successfully. Companies and researchers disagree whether exploits could be executed relatively easily or whether it takes a skilled hacker to launch an attack. While a whole new generation of computer chips may be necessary to eliminate risk completely, the goal for now is to limit risk by protecting against known malware that could launch these attacks. Companies are working around the clock to release software updates for various operating systems and programs.
While there is no reason to panic, there are some things you can (and should) do. Now especially, it is important to run up-to-date virus and malware protection and use caution online. Most importantly, update your software! Companies will continuously release updates for operating systems, browsers and other software over the next few days - make sure you are up-to-date! If you have questions about a specific device or program, contact the manufacturer for the latest information about updates.
