A recent discovery of a vulnerability existing in Intel, AMD, and ARM chips has caused some concern among our clients and partners. ONE 2 ONE is distributing the following in hopes that it will answer many of your questions.
What is the buzz about?
Meltdown and Spectre, are two recently discovered exploits which take advantage of the same basic security vulnerability in some microprocessors. They could hypothetically be used by malicious actors to “read” sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.
Am I in immediate danger from this
No, you are not in immediate danger. Intel and Google say they’ve never seen any attacks like Meltdown and Spectre actually being used in the wild. Companies including Intel, Amazon, Google, Apple, and Microsoft are rushing to issue fixes. Also, these exploits require that there is already malware on your system before these vulnerabilities can be leveraged.
How will this affect my systems?
The most immediate consequence of all of this will come from the updates/patches. Some devices will see a performance dip of as much as 30% after the fixes are installed, according to some reports. However, the amount by which computers will be slowed will depend on how they’re being used.
What is ONE 2 ONE doing about it?
For our clients, ONE 2 ONE is increasing the velocity in which patches and updates can be applied to your systems safely and with minimal downtime. As the updates are released by the affected vendors, ONE 2 ONE will apply them to the systems we manage for you.
But I have personal Machines/Devices ONE 2 ONE doesn’t manage, what can I do about it?
To guard against the security flaw and the exploits, the first and best thing you can do is make sure you’re up-to-date with your security patches. The major operating systems have already started issuing patches that will guard against the Meltdown and Spectre attacks. In fact, fixes have already begun to hit Linux, Android, Apple’s MacOS, and Microsoft’s Windows 10. So whether you have an Android phone or you’re a developer using Linux in the cloud, it’s time to update your operating system.
It is important to make sure you stay up to date. While Spectre may not have an easy fix, Google says there are ways to guard against related exploits. Expect Microsoft, Apple, and Google to issue a series of updates to their operating systems as new Spectre-related attacks are discovered.
Additionally, because Meltdown and Spectre require malicious code to already be running on your system, let this be a reminder to practice good online safety behaviors. Don’t download any software from a source you don’t trust, don’t click on any links or files claiming you won $10 million in a contest you never entered, and don’t go surfing any ‘questionable’ websites.
If you have additional questions about these exploits and your systems, please contact us.