New Major CPU Security Flaws

Earlier this week, computer security experts announced the discovery of two major security flaws found in the processors of most of the world’s computers, smartphones, and cloud servers.

These flaws affect nearly every processor manufactured by Intel since 1995.

These defects encompass all modern processors capable of a performance feature called “speculative execution.” A process in which the CPU rapidly accesses multiple areas of memory in order to speed up the operation of your computer. This data is normally protected but experts have discovered bugs that potentially leave information exposed while being queued up for processing. This flaw creates the potential for sensitive data stored in the memory to be read.

These bugs have been aptly titled: Meltdown and Spectre.

Meltdown is essentially a security flaw which could allow a hacker to circumvent the hardware boundary between programs run by users and the memory of their computer that could potentially be storing sensitive information. Meltdown is a particular problem for the cloud computing services run by the likes of Amazon, Google, and Microsoft.

Spectre could potentially allow a hacker to trick programs that are running properly into unknowingly giving up sensitive information.

Both bugs carry with them the potential for unauthorized information access through side channels found in computer processors. The good news is chip manufacturers and security professionals have already been hard at work pushing forward patches and solutions to these known issues.  Currently, no known hackers have yet been able to take advantage of these flaws.

What Can We Do to Prevent Being Affected?

Typical computer users can relax when it comes to Meltdown and keep their systems up to date with security updates. More updates will be coming soon, so be on the lookout and do not hesitate to install them.

Spectre is a more complicated exploit and will take more time to mitigate. Future software patches are expected.

In these situations it is important to use tried and true digital security best practices:

  • Avoid unsecured websites
  • Do not open unknown email
  • Do not download unknown software
  • Keep your anti-virus and firewall active
  • Update, Update, Update

At this time there are no known reports of these bugs being abused in the wild and security professionals have been hard at work on fixes long before they were made public.

If you have any questions or concerns about your digital security, please contact our IT team to learn what you can do to stay protected.