Install updates and patches as they come from your OS and CPU manufacturers.
By now you've probably heard about "Meltdown" and "Spectre," hardware bugs that can exploit vulnerabilities in modern microprocessors (also called central processing units or CPUs).
Meltdown and Spectre are possible due to design flaws in several modern CPU architectures. These bugs were first presented in scientific papers, and then announced publicly on the Google Project Zero blog on January 3, 2018.
According to researchers, Meltdown can "melt" security boundaries by breaking the mechanism that keeps applications from accessing arbitrary system memory—which could include things like passwords, card numbers, etc. Spectre works by breaking the isolation between different applications allowing an attacker to trick error-free programs, which follow best practices, into leaking their secrets.
Install updates and patches as they come from your OS and CPU manufacturers. Companies including Microsoft, Intel, and Google have been working around the clock to create patches for these vulnerabilities. Downloadable tools are being developed by various CPU manufacturers to detect the Meltdown and Spectre vulnerabilities; watch for them.
You can find a full list of links to the official security advisories of affected manufacturers and companies here.
We don't yet know if Meltdown or Spectre have been or are being abused in the wild, but now would be a good time to check for patches or updates available from your OS and CPU manufacturers.
Learn more about Data Security Consulting.
Researchers have shared a video showing Meltdown in action.
.svg)
