What you need to know about Meltdown and Spectre 

You’ve probably heard the terms “Meltdown” and “Spectre” a lot lately. Over the past few weeks the two security vulnerabilities have been everywhere in the news.

Smartphones, PCs and servers across the world have received software updates in recent days to plug security gaps on computer chips that cyber security researchers have described as the most serious threat in years.

Researchers identified the problem last year, shared details with chip manufacturers last summer, and then made a public announcement Jan. 3.

Here is what you need to know:

  • The vulnerabilities, known as Meltdown and Spectre, can allow passwords and other sensitive data on chips to be read. The flaws result from the way computers try to guess what users are likely to do next, a process called speculative execution.
  • Affected chipmakers and large technology companies including Alphabet Inc’s  Google say they have not seen any malicious hackers use Meltdown or Spectre in attacks, but the vulnerabilities affect most modern computing devices. 
  • Security analysts have said that Meltdown, which affects Intel Corp chips and one processor from SoftBank Group Corp’s ARM, is easier to exploit because the program to steal passwords and other data can be hidden on a website. 

Spectre, meanwhile, requires more direct access to the microchip, but affects central processing units from Intel, Advanced Micro Devices Inc and ARM. 

How have chipmakers and technology companies responded? 

Chipmakers have teamed up with Google, Microsoft Corp Apple Inc and other leading tech companies since the summer to devise software patches. 

Do the fixes have side effects? 

Intel said on Wednesday that the performance decline is as much as 10 percent, but that a typical home and business PC user should not see big changes in how long it takes to save a document or open a photo stored on a computer.

The patches, however, do not always work with other software. For example, a fix for Spectre led to issues turning on some computers with AMD chips, and a Meltdown patch for Microsoft Windows required changes from antivirus makers. 

What to do right now

  • The most important thing you can do is keep the software updated on your phone or computer, as well as take standard, commonsense security measures, like remaining aware of phishing attacks via email.
  • Update all the things. The entire computer industry is moving as quickly as possible to patch in Meltdown and Spectre protections.

Menlo Technologies will share updates as they become available.