Two vulnerabilities in modern computers were recently found, Meltdown and Spectre. They allow hackers “to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in cloud computer networks”.
The bug called Meltdown allows software to jump over protections that would normally restrict access to a device’s memory, giving hackers access to core functions and data.
In the case of Spectre, the flaw is so deeply embedded in the way modern chips are designed that while some patches can stop known exploits, fully fixing it could require redesigning computer chips and then replacing those currently in use.
These exploits are attractive to cyber criminals because they enable complete administrative access to an infected computer’s data. Malicious software that take advantage of these exploits will be able to steal whatever data they want: passwords, financial data and information from other applications.
So now that we know this exists what can we do?
- The major operating system manufacturers (Microsoft – Windows, Apple – MacOS) have released updates that resolve the Meltdown exploit, and address the Spectre exploit to make it far more difficult for hackers to take advantage of.
- Here’s additional information on the Windows update: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
- And here is information about the supplemental update Apple released if you have Mac OS: https://support.apple.com/en-us/HT208397
- Reset your passwords. If you don’t use a password manager, get one! It’ll generate new passwords for your accounts in one-click. Ensuring they are unique and complex for each account.