Intel, ARM and AMD Microchip Scare
The media has today leaked news of serious security flaws caused by “speculative execution,” (a technique used by most modern processors (CPUs) to optimise performance) which leaves them vulnerable to attacks by hackers. Researchers discovered gaps in security, stemming from central processing units – better known as the chip or microchip – which could allow an unauthorised party to read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.
There are two separate security flaws known as Meltdown and Spectre.
- Meltdown affects laptops, desktop computers and internet servers.
- Spectre potentially has a wider reach. It affects chips in smartphones, tablets and computers powered by Intel, ARM and AMD.
The UK’s National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited. But now that it has been made public, there’s concern the bugs are discoverable and may be taken advantage of.
How do I protect my computer?
Device makers and operating system providers are pushing out security updates, or patches, which will protect your computer, tablet or phone against a breach that uses the Meltdown vulnerability. Users should install these updates as soon as they are made available.
Microsoft, Apple and Linux, the three major operating system makers, are all issuing patches, though Apple has not said precisely when.
Microsoft released an emergency Meltdown patch for Windows 10 beginning 4 January, it will subsequently be applied to Windows 7 and 8 machines.
Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update when it comes. Chrome web browser users are expected to receive a patch on 23 January.
Security updates are also in the works for Apple laptops and desktops, though it is not clear whether iPhones and iPads are vulnerable.
Cloud services for businesses, including Office 365, Amazon Web Services and Google Cloud Platform, say they have already patched most services, and will fix the rest soon.
What do I need to do?
During this time we encourage users to be extra vigilant with regards to opening emails/attachments etc. as well as not downloading and installing software off the internet (such as free applications that may contain bundled malware). Computers and other devices should be updated with the latest releases of updates as and when they become available.
Neuways will be pushing out security updates to servers as soon as they are released to protect against this vulnerability.