Meltdown and Spectre: Two things you need to know

Security & Privacy, Threats & Hacks

We’re only four days into 2018, and cyber security is already dominating headlines. Earlier today, multiple news outlets reported on the discovery of vulnerabilities in chips from Intel, AMD, and ARM.

The vulnerabilities – dubbed Meltdown and Spectre – are fairly serious. An attacker can use them to steal all kinds of information, including things like passwords, encryption keys, user data, and more. And the vulnerable chips are used in many devices. For example, the BBC reports that Intel chips are used in 80 percent of desktops and 90 percent of laptops.

In practical terms, the widespread use of the vulnerable chips means the issue affects nearly everyone.

With that being said, the situation is not serious enough for you to throw your devices out the window and stop using the internet. Here’s a couple of things end users should keep in mind.

Nobody’s exploiting these vulnerabilities…yet

As of now, there are no reports of actual attackers exploiting these vulnerabilities. And that’s good. Everything known so far is based on information and proof-of-concepts published by security researchers.

However, that doesn’t mean that attackers won’t use them in the future, so it’s important for people to be aware of and take steps to protect themselves.

Which brings up the second point…

Updates are on the way, but things could get messy

Fixing vulnerabilities in chips with software isn’t easy. But that’s what’s happening now. Many operating systems already have updates available. But updates can be messy. For example, Microsoft announced today that its update may have compatibility issues with some antivirus software (F-Secure has already updated our products to ensure they’re compatible), which can delay the update process for end users.

According to F-Secure’s Chief Technology Officer Mika Stahlberg, mitigating the vulnerability can have far-reaching consequences, potentially making Meltdown and Spectre impactful even if they’re never used by attackers.

“What makes these vulnerabilities so interesting and dire is the fact that they’re about CPU optimization. Securing this logic requires hardware changes or changes to related software logic — both of which can hurt performance and increase cost of computing,” says Mika. “The impact on operating environments alone could be enough to make these the most expensive vulnerabilities in history, even if there are no real world attacks.”

Rate this article

33 votes

4 Comments

Hello,
what would be most intersting for me (and for my customers) is the question, whether f-secure Antivirus software (PSB) would be able to detect and block attacks via Meltdown and Spectre.
Regards,
Friedrich

Please also clarify below:

[1] Is F-Secure compatible with Microsoft Patch released for this vulnerability?

[2] What all versions of F-Secure AV are tested for compatibility with MS Patch for this vulnerability?

[3] Does F-Secure auto -updates the registry settings as done by other AV vendors or require manual update by us?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like