Jan 11

Meltdown and Spectre

Another year and another round of exploits and serious ones at that.

This time it’s the fault of Intel and over curious security experts that have discovered a serious flaw in the very chip that powers almost every device on the planet.

IBM, Dell, Acer, and sadly Apple are embroiled in this very serious security risk that, aside from new hardware, has no real cure.

That said, everyone is rushing out software patches that will go someway to mitigate the threat but in the end these measures are about as significant as fitting a deadlock to a front door made of drinking straws. If the bad guys really want in they could find a way, that is until your chip has been replaced- in other words a new device. On top of this, Windows users have reported that software patches issued by Microsoft have been slowing down their devices between 5%-30%. Happily this appears not to be the case for Apple users.

The first of these nasties has the catchy moniker of Meltdown. This allows malicious code to read memory inside your Intel chip, meaning that passwords and other data is ripe for the picking.

The second is called Spectre and this can, without getting geeky, fit itself in-between application processes and force them to give up whatever data they might have on hand at the time and send it back to the scumbag at the end of the line. Eeeck! This one, Apple claims, is the hardest to patch but it is also the hardest for the bad guy to actually implement.

But as new impervious chips don’t exist yet all we can do is fit the current defences made of gossamer and hope for the best.

Mac, iOS users. 

Apple have released software updates for 10.13 for Mac and 11.2.2 for iOS as well as updates for Apple Watch and AppleTV. These should be downloaded and installed ASAP. Don’t wait. Updates for Safari have also been released but specific security patches for 10.11 and 10.12 are yet to be announced. If you are worried then updating to 10.13 is the fastest way to protect yourself, in much the same way as the recent wifi bug.

To apply an update for the Mac, click on the Apple menu, choose AppStore and then Updates.

To apply an update on your iPhone and iPad, tap on Settings, then General then Software Update.

To apply an update on the Apple Watch tap on the Watch App on your iPhone, tap on General and then Software Update.

Chrome users 

Even after you have installed these updates, Chrome  – if you use this browser – has released further protection that should be installed as soon as possible.

  1. Open Chrome.
  2. Go to chrome://flags/#enable-site-per-process
  3. Then click enable on Strict Site isolation.
  4. Close and reopen Chrome

As always, these kinds of exploits rely on infected applications being installed on your Mac or you visiting dodgy websites. So if you only download and install software from trusted sources and follow these simple rules – in combination with these updates – you should be as right as rain. Until the next down pour.

Permanent link to this article: http://macservicesact.com.au/meltdown-and-spectre/

1 comment

    • Chris on January 15, 2018 at 9:51 AM
    • Reply

    Well, I’ve just read yer article, like, an I must say yer tell a good yarn. If them toe-rags think there gonna stop is from usin’ me machine like then they can just haddaway ‘n’ shite.

    I’m lucky like coz I’ve got a mate that knaa’s aboot these things an keeps it aal straight for is.

    Thanks for the heads-up kidda. Look afta yersel

Leave a Reply

Your email address will not be published.