Cybersecurity Alert: Meltdown & Spectre

Cybersecurity Alert: Meltdown & Spectre


Meltdown & Spectre | What to do about it

Your smartphone or computer contains a chip that hackers can exploit to get access to sensitive information. Are you protected?

If you're confused by the avalanche of early reports, denials, and conflicting statements about the massive security issues announced today, don't worry - you're far from the only one. Here's what you need to know about Meltdown and Spectre, the two huge bugs that affect practically every computer and device out there.

What are these flaws?
Bugs at a fundamental level that allow critical information stored deep inside computer systems to be exposed.

Who is affected?
Pretty much everybody.

Can this be fixed?
There are patches against Meltdown for Linux (KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

What is the difference between Spectre and Meltdown?
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory.

Billions of devices are affected by these security flaws revealed by cyber-security researchers on Thursday. The flaws affect processing chips made by Intel, AMD and ARM Holdings. That means if you use a desktop, laptop, smartphone or cloud service from Apple, Google, Amazon, or Microsoft you might be vulnerable.

It is important to note that the exploitation of either one of the vulnerabilities is virtually untraceable and almost impossible to detect. The attacks leverage technologies developed to improve performance on processors affecting millions using personal and cloud computing as well as mobile devices such as smartphones.

As a countermeasure to Spectre and Meltdown, software companies such as Microsoft and Apple have rolled out patches to protect against side-channel attacks and prevent kernel space and physical memory mapping available in user space.

We can help you patch, backup and install the latest software to keep your business up and running. Don't wait for it to happen to you! Contact us today at (561)969-1616 or email us at [email protected].