This week, researchers announced they’d discovered 2 enormous security slip-ups that likely affect the “vast majority” of computers, servers, and smartphones built in the past 20 years.
The flaws, which affect every device that runs on a chip processor, may allow hackers to steal the entirety of your devices’ memory — and they’ve launched the big dogs (Amazon, Apple, Google, Microsoft) into software update panic mode.
There are 2: Meltdown (which affects only Intel processors), and Spectre (which affects all processors) — both fairly similar.
See, the processors on your computers and smart devices run tons of small calculations per second to perform tasks. As a form of workflow optimization, they also preemptively perform tasks that are not necessarily needed. This is called “speculative execution” (in-depth description here).
The processor works in tandem with your device, performing calculations (and storing tiny bits of data) from a range of applications simultaneously.
Researchers have found that this could potentially let bad actors access protected parts of your device’s memory.
In theory, hackers could trick you into downloading malicious software on your computer, then use these flaws to access things like passwords, personal photos, emails, or documents.
Since servers also run on affected processors, they could also log into a cloud account and use the Meltdown flaw to bypass security protocols and access multiple users’ information simultaneously.
Though these flaws have existed for 2 decades, there haven’t been any documented cases of hackers taking advantage of them… yet.
Luckily, most big companies have already taken action against meltdown.
Microsoft has released a patch update for Windows 10; the current version of Android is currently protected; browsers including Google Chrome and Mozilla Firefox have pending updates; and Apple’s latest version of their OS, 10.13.2, protects against meltdown.
More generally, if you haven’t done so already, you should immediately enable two-factor authentication on your devices and get a password manager set up.
Note: special thanks to our engineer, Wes, for helping us understand how processors work.