Skip to main content

2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

What the heck is happening?

There are these two flaws that security researchers found, that affect millions of computers, laptops, cloud servers and smartphones made over the past couple decades. 

These flaws – one called Meltdown, the other Spectre – could let someone access basically anything in a device's memory. That means passwords, photos, text messages, documents, and more. 

That doesn't sound great

It's not ideal, though not every single device ever created is at risk. Just a lot of them.

Basically every modern device that uses an Intel brand processor (one from 1995 or later, the researchers say) can be exploited by both Meltdown and Spectre.

Those with AMD and ARM processors are also exploitable by Spectre, the researchers found. Those processors might be susceptible to Meltdown as well, but researchers haven't verified it yet.

But these chips are so widely used, that the researchers say everyone is "most certainly" affected by these bugs.

Has anyone been attacked with these?

Technically unknown. But the researchers and companies including Microsoft said they don't have any indication at this point the flaws are being abused out in the wild.

How do these exploits work?

This gets very technical, very complicated. 

So we're going to hand it off to sites like ArsTechnica, which explains how Meltdown "uses speculative execution to leak kernel data to regular user programs." 

And ZDNet, which says Spectre can " break down a fundamental isolation that separates kernel memory ... from user processes" in order to "trick apps into leaking their secrets."

The original Google Project Zero research blog outlining the threats is here.

OK, so what should I be doing?

This one we can answer: Update everything whenever possible.

The Windows, OSX and Linux operating systems have received patches to fix the Meltdown flaw. (Microsoft says if you didn't get it, there's a problem with the anti-virus software you're using – details here.)

Firmware vendors (that's the software embedded into the physical hardware) will have to issue their own fixes for Meltdown too, so keep an eye out for update alerts from manufacturers too.

Meltdown attacks could even come in through an internet browser. Firefox has issued a fix, Chrome has one in the works for Jan. 23, Safari hasn't said anything as of Thursday afternoon, according to Popular Mechanics.

You'll notice Spectre hasn't been mentioned. That's because the flaws are so deeply embedded that they're "not easy to fix," the researchers said, adding, "It will haunt us for quite some time."

As the New York Times put it, it could require redesigning the processors altogether.

How do I find what type of processor I have?

Mac laptops/computers:

Go to About This Mac in the Apple menu, and the processor should be listed there.

Windows laptops/computers (h/t Computer Hope):

Right click My Computer and select properties. In the window that pops up (usually "System" or "Sstem Properties", it should show you the processor type.

Smartphones/tablets:

This is trickier, because you usually need to download an app of some sort to tell you exactly. Our best suggestion? Google it, and as specifically as you can, with the device's name and model number.

Next Up

Screen Shot 2022-05-21 at 9.56.21 AM

North High principal Mauri Friestleben returning to finish year

The principal said Friday she had been fired from her role over her support of a student protest.

ambulance

One dead, two injured in wrong-way crash on Hwy. 169

The crash occurred on Highway 169 early Sunday morning.

minneapolis police

Man fatally shot overnight in north Minneapolis

The shooting was reported around 2:20 a.m.

Screen Shot 2022-05-22 at 8.30.08 AM

Campsites closed at Voyageurs National Park due to 'historic' water levels

All backcountry trails and campsites are closed, as well as many frontcountry sites.

state capitol Minnesota

Lawmakers reach agreement on tax cuts ahead of session's end

Lawmakers announced they had reached a deal on a tax bill Saturday ahead of the looming session deadline.

281699116_10226502238438986_800951410789352812_n

Victims of daytime drive-by shooting in Robbinsdale identified

The two men died after a hail of bullets struck a vehicle.

Screen Shot 2022-05-22 at 8.14.37 AM

Source of 'loud explosion' in Brooklyn Park a mystery

The noise was investigated by police, but no source could be determined.

covid, vaccine, booster shots

COVID: All Americans over 50 advised to get a second booster

Cases, hospitalizations and deaths are on the rise again as new COVID variants emerge.

J.W. Peck (left) and Eric Galler.

2 Minnesotans inducted into White Castle's Hall of Fame

White Castle — it's what a man in Minneapolis and another in Woodbury, crave.

Screen Shot 2022-05-21 at 5.46.37 PM

Video shows officers ended pursuit before fatal crash in Anoka

The crash occurred when the driver fled police during an attempted traffic stop in Coon Rapids.

Eli Hart

6-year-old Eli Hart identified as boy found dead in car trunk

The kindergartner's father was trying to get full custody of his son.

IMG_3509

Boy found dead in trunk of car in Mound was kindergartner

"It is horrifying and difficult to process a tragedy of this magnitude, especially in our close-knit community," the superintendent wrote.

Related

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Should you stop looking at news sources that back up what you already believe?

Living in a filter bubble is part of consuming news. But should you do something about it?

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?

New proposal: Internet companies should pay you if they use or sell your data

It's your data that's valuable – should you get compensated for it?