2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.
Author:
Updated:
Original:

What the heck is happening?

There are these two flaws that security researchers found, that affect millions of computers, laptops, cloud servers and smartphones made over the past couple decades. 

These flaws – one called Meltdown, the other Spectre – could let someone access basically anything in a device's memory. That means passwords, photos, text messages, documents, and more. 

That doesn't sound great

It's not ideal, though not every single device ever created is at risk. Just a lot of them.

Basically every modern device that uses an Intel brand processor (one from 1995 or later, the researchers say) can be exploited by both Meltdown and Spectre.

Those with AMD and ARM processors are also exploitable by Spectre, the researchers found. Those processors might be susceptible to Meltdown as well, but researchers haven't verified it yet.

But these chips are so widely used, that the researchers say everyone is "most certainly" affected by these bugs.

Has anyone been attacked with these?

Technically unknown. But the researchers and companies including Microsoft said they don't have any indication at this point the flaws are being abused out in the wild.

How do these exploits work?

This gets very technical, very complicated. 

So we're going to hand it off to sites like ArsTechnica, which explains how Meltdown "uses speculative execution to leak kernel data to regular user programs." 

And ZDNet, which says Spectre can " break down a fundamental isolation that separates kernel memory ... from user processes" in order to "trick apps into leaking their secrets."

The original Google Project Zero research blog outlining the threats is here.

OK, so what should I be doing?

This one we can answer: Update everything whenever possible.

The Windows, OSX and Linux operating systems have received patches to fix the Meltdown flaw. (Microsoft says if you didn't get it, there's a problem with the anti-virus software you're using – details here.)

Firmware vendors (that's the software embedded into the physical hardware) will have to issue their own fixes for Meltdown too, so keep an eye out for update alerts from manufacturers too.

Meltdown attacks could even come in through an internet browser. Firefox has issued a fix, Chrome has one in the works for Jan. 23, Safari hasn't said anything as of Thursday afternoon, according to Popular Mechanics.

You'll notice Spectre hasn't been mentioned. That's because the flaws are so deeply embedded that they're "not easy to fix," the researchers said, adding, "It will haunt us for quite some time."

As the New York Times put it, it could require redesigning the processors altogether.

How do I find what type of processor I have?

Mac laptops/computers:

Go to About This Mac in the Apple menu, and the processor should be listed there.

Windows laptops/computers (h/t Computer Hope):

Right click My Computer and select properties. In the window that pops up (usually "System" or "Sstem Properties", it should show you the processor type.

Smartphones/tablets:

This is trickier, because you usually need to download an app of some sort to tell you exactly. Our best suggestion? Google it, and as specifically as you can, with the device's name and model number.

Next Up

police tape

Authorities ID man fatally struck by 'errant bullet' in Willmar

The man was working in his garage when he was fatally shot.

ambulance

1 dead, 1 critically injured in head-on crash on Highway 169

The State Patrol says driving impaired may have been a factor in the crash.

Richard Pitino

Gophers game against Nebraska postponed due to COVID outbreak

The Cornhuskers have had 12 members of its team test positive for COVID-19.

Bob Kroll

What Minneapolis Police Lt. Bob Kroll said in Sunday radio interview

Kroll said that once he's retired he'll go "radio silent."

coronavirus, SARS-CoV-2, covid-19

Here is Minnesota's COVID update for Sunday, January 17

The health department provides updates daily at 11 a.m.

Sen. Julia Coleman

'No one's business': State senator calls out attack on her pregnancy

Sen. Julia Coleman represents Minnesota's District 47.

Willmar Police Department

'Errant bullet' goes through garage wall, kills Willmar man

The man was working in his garage when he was shot, witnesses said.

Screen Shot 2021-01-16 at 10.59.00 PM

Wild tie Kings with 2 seconds left, win in overtime

Another incredible finish for the Wild.

Screen Shot 2021-01-16 at 6.53.17 PM

Mike Lindell's MyPillow offering discounts using the code 'Qanon'

The Shakopee-based company is under the microscope because of the recent actions of its owner.

Surly Brewing

Facing aluminum can shortage, Surly unveils solution: 'Cantyhose'

The brewery came up with a creative way to repurpose unused cans.

Related

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Should you stop looking at news sources that back up what you already believe?

Living in a filter bubble is part of consuming news. But should you do something about it?

New proposal: Internet companies should pay you if they use or sell your data

It's your data that's valuable – should you get compensated for it?

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?