Recently, security vulnerabilities were discovered that affect Intel, AMD and ARM processors. These vulnerabilities stem from the way processors were designed to run faster and process data more efficiently. There are currently three known attack variants that can take advantage of these vulnerabilities. Variants one and two are collectively referred to as "Spectre," and variant three is known as "Meltdown."
Both variants of Spectre can be used to trick software programs into disclosing secret information. An attack using Meltdown could theoretically access system memory, including passwords, data from other programs, and the operating system.
Almost every processor made since 1995 is vulnerable to at least one of these attacks. Spectre and Meltdown allow attackers to access information that should be protected. What makes these vulnerabilities so concerning is that any malicious software written to take advantage of them can be run by a standard user. Administrative access is not required for these vulnerabilities to be exploited. A successful attack could allow an unauthorized user to gather sensitive data, modify information stored on a system, or create a backdoor for future attacks.
These issues affect a wide range of technologies, including computers, smartphones and even the cloud. While software updates are being released to fix most of these issues, more work needs to be done to eliminate the threat posed by Spectre.
Make sure you’re installing updates as they are released. Be sure to set your computer to automatically download and install updates regularly. In addition to operating system (OS) updates, make sure your anti-virus software and browsers are updated. In certain circumstances, OS updates will not be installed if the anti-virus program is not updated first.
As more details regarding these vulnerabilities are released, we will update this page. Continue to check back for the latest information.
These technical resources are included for those who wish to learn more about Meltdown and Spectre.