What’s Going on With the Specter and Meltdown Patches?
Early this month, computer security is expected to explode on the Internet. A pair of vulnerabilities called Specter and Meltdown , dating back to 1995, put a wide variety of computers, smartphones, and Internet browsers at risk.
Since then, companies like Microsoft and Apple, as well as chip makers like Intel and AMD, have been rushing to release patches, but it hasn’t been the smoothest process. A week later, work on fixing these vulnerabilities is far from complete. Here’s a rundown of what you need to know about the state of the Specter and Meltdown patches.
What are Specter and Meltdown?
If you’re still not quite sure what these exploits actually do, here’s a quick explanation.
Both Specter and Meltdown rely on what is called “speculative execution,” where your computer tries to guess what you’ll do next to get it done faster. Because of the way this data is stored, it creates a vulnerability that could give hackers access to other private information on your computer.
Meltdown primarily affects Intel processors, which are used in tons of computers, including the Apple MacBook line. Specter, which actually refers to two separate vulnerabilities, can affect Intel, AMD and ARM chips. This applies to both desktops and smartphones.
Current state of patches
For the most part, large companies such as Google, Microsoft and Apple were able to outpace these vulnerabilities before they were publicly announced. Apple released fixes for macOS 10.13.12 and iOS 11.2 back in December. Earlier this month, Apple also made a new update to its Safari browser. So, as long as you are using the latest Apple software, you can be safe.
Microsoft’s efforts have not gone so smoothly. The company was effectively forced to withdraw some versions of its patch, including for AMD chips, after they stopped working on some computers.
On the other hand, Microsoft has already patched its Internet Explorer and Microsoft Edge browsers, and the company says Windows 10 is safer from Specter and Meltdown than Windows 8.1 or 7. So finally, it might be time to update your operating system if you haven’t done that yet. already.
Google has also released a fix for Specter called Retpoline , and the company says a fix for its Chrome browser will be released on January 23rd . In the meantime, the company is proposing to enable site isolation as a temporary solution. As far as Android goes, Google claims the latest version of its software is Specter-proof, but if your device is too old to receive an update, you’re basically on your own .
Finally, if you’re using the Firefox browser, you can download the patch , although the company also recommends enabling Primary Isolation for added protection.
What to look for
If you’re still waiting for a patch to protect you from Specter and Meltdown, there are a few things to look out for.
Some hackers are already taking advantage of the situation to distribute fake updates that actually install malware on your computer. This has already happened in Germany , with fake emails that looked like they were sent by a government agency. Therefore, do not download any fixes unless they come directly from a company you trust, such as Microsoft or Intel.
Ars Technica also warns that researchers are dangerously close to using Specter and Meltdown as weapons, which means the hackers are likely pretty close too. So if you’re still waiting for the patch, stay tuned for any official updates that might protect you before it’s too late.