Two recently uncovered, huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing to patch the vulnerabilities in their products.
The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years.
What are Spectre and Meltdown?
We have explained both Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715) exploitation techniques in our previous article.
In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information.
Both attacks abuse ‘speculative execution’ to access privileged memory, including memory allocated for the kernel, from a low-privileged user process like a malicious app running on a device, allowing attackers to steal passwords, login keys, and other valuable information.
Protect Against Meltdown and Spectre CPU Flaws
Some, including US-CERT, have suggested the only true patch for these issues is for chips to be replaced, but this solution seems to be impractical for the general user and most companies.
Vendors have made significant progress in rolling out fixes and firmware updates. While the Meltdown flaw has already been patched by most companies like Microsoft, Apple and Google, Spectre is not easy to patch and will haunt people for quite some time.
Here’s the list of available patches from major tech manufacturers:
Windows OS (7/8/10) and Microsoft Edge/IE
Microsoft has already released an out-of-band security update (KB4056892) for Windows 10 to address the Meltdown issue and will be releasing patches for Windows 7 and Windows 8 on January 9th.
But if you are running third-party antivirus software, then it is possible your system won’t install patches automatically. So, if you are having trouble installing the automatic security update, turn off your antivirus and use Windows Defender or Microsoft Security Essentials.
“The compatibility issue is caused when antivirus applications make unsupported calls into Windows kernel memory,” Microsoft noted in a blog post. “These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot.”
Apple macOS, iOS, tvOS, and Safari Browser
Apple noted in its advisory, “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.”
To help defend against the Meltdown attacks, Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and has planned to release mitigations in Safari to help defend against Spectre in the coming days.
Android users running the most recent version of the mobile operating system, released on January 5 as part of the Android January security patch update, are protected, according to Google.
So, if you own a Google-branded phone, like Nexus or Pixel, your phone will either automatically download the update, or you’ll simply need to install it. However, other Android users have to wait for their device manufacturers to release a compatible security update.
The tech giant also noted that it’s unaware of any successful exploitation of either Meltdown or Spectre on ARM-based Android devices.
Firefox Web Browser
Mozilla has released Firefox version 57.0.4, which includes mitigations for both Meltdown and Spectre timing attacks. So users are advised to update their installations as soon as possible.
“Since this new class of attacks involves measuring precise time intervals, as a partial, short-term mitigation we are disabling or reducing the precision of several time sources in Firefox,” Mozilla software engineer Luke Wagner wrote in a blog post.
Google Chrome Web Browser
Google has scheduled the patches for Meltdown and Spectre exploits on January 23 with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks.
In the meantime, users can enable an experimental feature called “Site Isolation” that can offer some protection against the web-based exploits but might also cause performance problems.
“Site Isolation makes it harder for untrusted websites to access or steal information from your accounts on other websites. Websites typically cannot access each other’s data inside the browser, thanks to code that enforces the Same Origin Policy.” Google says.
Here’s how to turn on Site Isolation:
- Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
- Look for Strict Site Isolation, then click the box labelled Enable.
- Once done, hit Relaunch Now to relaunch your Chrome browser.
The Linux kernel developers have also released patches for the Linux kernel with releases including versions 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97, which can be downloaded from Kernel.org.
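To check a host against the stable releases listed above, the following added example (not code from the article or from the kernel project) compares a kernel version string with the listed release for its series. The function name `kernel_status` is hypothetical, and the comparison assumes a kernel.org kernel: distribution kernels backport fixes under their own version numbers, so consult the distribution's advisory for those.

```shell
#!/bin/sh
# Added example: compare a kernel version with the patched stable
# releases listed in the article (kernel.org version numbers only).

# Patched release per stable series, as listed in the article.
FIXED_RELEASES="4.14.11 4.9.74 4.4.109 3.18.91 3.16.52 3.2.97"

# kernel_status VERSION -> prints "patched", "unpatched" or "unknown".
kernel_status() {
    # Drop local suffixes: "4.9.74-1-amd64" -> "4.9.74".
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    # -s suppresses output when the string has no "." at all.
    major=$(printf '%s\n' "$ver" | cut -s -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -s -d. -f2)
    patch=$(printf '%s\n' "$ver" | cut -s -d. -f3)
    # Require at least a numeric MAJOR.MINOR.
    case "$major$minor" in ''|*[!0-9]*) echo unknown; return ;; esac
    # A bare "4.14" is treated as 4.14.0.
    case "$patch" in ''|*[!0-9]*) patch=0 ;; esac
    for fixed in $FIXED_RELEASES; do
        if [ "${fixed%.*}" = "$major.$minor" ]; then
            if [ "$patch" -ge "${fixed##*.}" ]; then
                echo patched
            else
                echo unpatched
            fi
            return
        fi
    done
    # Series not named in the article: make no claim either way.
    echo unknown
}

# Report on the running kernel.
echo "running kernel $(uname -r): $(kernel_status "$(uname -r)")"
```

An "unknown" result means the series is not one of those named above, not that the kernel is safe or unsafe.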
VMware and Citrix
A global leader in cloud computing and virtualisation, VMware, has also released a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks.
On the other hand, another popular cloud computing and virtualisation vendor, Citrix, did not release any security patches to address the issue. Instead, the company guided its customers and recommended them to check for any update on relevant third-party software.