Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.
The flaws, named Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system.
Meltdown is “probably one of the worst CPU bugs ever found”, said Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw.
Intel has begun providing software and firmware updates to mitigate these exploits,” Intel said in a statement, denying that fixes would slow down computers based on the company’s chips. “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time
All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” said Apple in a blog post, in reference to the fact that although the security flaws make it possible to steal data using malicious software, there was no evidence to suggest that this had happened
The company advised customers to update their devices’ operating systems and only download software from “trusted sources such as the App Store”.
Google said that Android devices running the latest security updates were protected, including its own Nexus and Pixel devices, and that users of Chromebooks would have to install updates
What can I do about the Meltdown and Spectre flaws?
Users can do little to avoid the security flaws apart from update their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.
Android devices running the latest security update, including Google’s Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.
An update from Apple on what is needed for its Mac computers and iOS devices is expected.