As I am writing this, it has been about a month since news broke of Meltdown and Spectre, two separate vulnerabilities affecting nearly every smartphone and PC in use today. It affects all modern processors – which encompasses a whole lot of users.
Meltdown and Spectre are different fundamentally, but they use a similar vulnerability to do different things. So what are the differences?
Meltdown breaks the isolation between user applications and the operating system. This allows a program to access the memory and, therefore, the processes and data of the software, even when it is not authorized to do so.
Meltdown specifically affects Intel x86 microprocessors and some ARM-based microprocessors. Many different systems are affected, including iOs, Linux, macOS, and Windows, as well as a wide range of cloud services and servers across the world.
Spectre, however, breaks the isolation between different applications. It allows an attacker to trick programs into leaking their secrets and data. It can easily jump to other programs after it has made its way in.
While Spectre is harder to exploit than Meltdown, it is also harder to defend against.
Spectre can affect any microprocessor that runs branch prediction, which is the processor trying to predict what you will do next and begin running background processes to allow for faster performance. It has been confirmed to affect both Intel and AMD. AMD, whose processors are immune to Meltdown, have already been experiencing many issues due to security patching.
Now you know what they are, but what can you do to stay safe?
Keep your device up to date. Right now, it is as simple as that. Processors won’t be replaced for a more secure model, but updates can shield users from the exploits.
Microsoft has rolled out updates to battle the vulnerabilities for both Intel and AMD processors. Apple has pushed iOS updates. Browsers are being updated, and so is software.
While we have updates to close up the holes, initial reports coming in state the patch has a negative impact on system and processor performance. Microsoft put a patch out to fix the vulnerability for AMD processors and essentially broke most systems running Windows with an AMD. They had to remove the patch from their updates.
Companies are scrambling to get fixes in place, ones that will affect us as little as possible. While it is unfortunate that system performance may suffer due to the patching, it is better than the alternative of leaving yourself unprotected.
Experts estimate it won’t be long before hackers have processes in place to take advantage of these vulnerabilities, so everyone is working to have a fix in place before that happens.
While we may suffer performance-wise for the time being, tech giants like Microsoft and Intel will continue looking for better solutions. Putting a fix in place that slows down performance does not mean a future patch will address that. It’s just the price of being safe and one we will all have to pay.