An Update on Spectre and Meltdown

Computer owners, beware! In early January, we learned about two massive security flaws in most of the CPUs used in computers built during the past two decades. Attackers can use the flaws, named Spectre and Meltdown, to access sensitive data stored in a computer chip, including passwords and files. During the past several weeks, the world’s top semiconductor companies, including Intel and AMD, have been issuing patches and updating their customers on the nature of the threats. Here is an overview of what we currently know.

  • The Discovery
    • Google’s “Project Zero” team has been credited with discovering the vulnerabilities.
  • The Flaws
    • The Spectre and Meltdown security flaws have affected millions of chips for roughly 20 years. Spectre and Meltdown are variations of the same vulnerability. They exploit the fact that processors perform “speculative execution,” which is a process that enables a processor to speed up routine tasks by doing work ahead of time and guessing at data to fetch. The threat is real. An attacker can use a program to force a device to reveal sensitive data. More Information
  • Details and Updates
    • A variety of companies and organizations have been maintaining webpages with technical details and updated information about the vulnerabilities and patches. Intel and Austria-based Graz University of Technology are two widely referenced resources.
  • Be Careful
    • We have heard about tools available for download that purportedly detect whether your devices have been infected by Spectre and Meltdown. Be careful about what you install. It could be malware. We have also read about fake patches. More Information
  • Looking Ahead
    • Some semiconductor industry leaders are predicting that we are likely to see similar threats in the future. Simon Seggars, CEO of ARM, said at CES: “The reality is there are probably other things out there like it that have been deemed safe for years.”