2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

What the heck is happening?

There are these two flaws that security researchers found, that affect millions of computers, laptops, cloud servers and smartphones made over the past couple decades. 

These flaws – one called Meltdown, the other Spectre – could let someone access basically anything in a device's memory. That means passwords, photos, text messages, documents, and more. 

That doesn't sound great

It's not ideal, though not every single device ever created is at risk. Just a lot of them.

Basically every modern device that uses an Intel brand processor (one from 1995 or later, the researchers say) can be exploited by both Meltdown and Spectre.

Those with AMD and ARM processors are also exploitable by Spectre, the researchers found. Those processors might be susceptible to Meltdown as well, but researchers haven't verified it yet.

But these chips are so widely used, that the researchers say everyone is "most certainly" affected by these bugs.

Has anyone been attacked with these?

Technically unknown. But the researchers and companies including Microsoft said they don't have any indication at this point the flaws are being abused out in the wild.

How do these exploits work?

This gets very technical, very complicated. 

So we're going to hand it off to sites like ArsTechnica, which explains how Meltdown "uses speculative execution to leak kernel data to regular user programs." 

And ZDNet, which says Spectre can " break down a fundamental isolation that separates kernel memory ... from user processes" in order to "trick apps into leaking their secrets."

The original Google Project Zero research blog outlining the threats is here.

OK, so what should I be doing?

This one we can answer: Update everything whenever possible.

The Windows, OSX and Linux operating systems have received patches to fix the Meltdown flaw. (Microsoft says if you didn't get it, there's a problem with the anti-virus software you're using – details here.)

Firmware vendors (that's the software embedded into the physical hardware) will have to issue their own fixes for Meltdown too, so keep an eye out for update alerts from manufacturers too.

Meltdown attacks could even come in through an internet browser. Firefox has issued a fix, Chrome has one in the works for Jan. 23, Safari hasn't said anything as of Thursday afternoon, according to Popular Mechanics.

You'll notice Spectre hasn't been mentioned. That's because the flaws are so deeply embedded that they're "not easy to fix," the researchers said, adding, "It will haunt us for quite some time."

As the New York Times put it, it could require redesigning the processors altogether.

How do I find what type of processor I have?

Mac laptops/computers:

Go to About This Mac in the Apple menu, and the processor should be listed there.

Windows laptops/computers (h/t Computer Hope):

Right click My Computer and select properties. In the window that pops up (usually "System" or "Sstem Properties", it should show you the processor type.


This is trickier, because you usually need to download an app of some sort to tell you exactly. Our best suggestion? Google it, and as specifically as you can, with the device's name and model number.

Next Up

Gopher Hockey

Watch: No-call lifts Gophers to OT victory over St. Cloud State

A blatant hook marred a top-four battle in St. Cloud.

Ambulance hospital emergency

Driver killed after crashing into parked semi-trailer

The crash occurred on the 5800 block of University Avenue Northeast.

Mike Zimmer

Vikings-Panthers: 5 things you can count on happening

The Vikings will look to open things up in Carolina.

Tanner Morgan/Gopher Football

Morgan's resurgence, Nebraska's miscues help Gophers hold on

The Gophers quarterback threw a pair of touchdowns in a 30-23 victory.

Tina Smith

Sen. Tina Smith warns Dems she may not vote for budget bill if climate plan dropped

This comes amid a White House effort to get its "Build Back Better" plan passed.

Pixabay - emergency room ambulance hospital

St. Paul man dies six days after crash on I-94

The Hennepin County Medical Examiner has identified the man as David Rodney Hardaway.

police lights squad car dark - Unsplash

Double murder in northeastern Minnesota, suspect kills himself after chase

The suspect died at the scene from a self-inflicted gunshot wound.

chaska school fight

Anti-masker involved in school board meeting fight charged with assault

It happened last month at an Eastern Carver County Schools hearing.

Marcus Foligno

Marcus Foligno throws hands, scores game-winning goal in Wild's opener

The Wild forward scored with 7.2 seconds left to beat Anaheim.


This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Should you stop looking at news sources that back up what you already believe?

Living in a filter bubble is part of consuming news. But should you do something about it?

New proposal: Internet companies should pay you if they use or sell your data

It's your data that's valuable – should you get compensated for it?

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?