Recently, two serious processor vulnerabilities were discovered that affect almost all modern computers. All Macs and iOS devices, just like most PCs on Windows and Android devices, are potentially vulnerable to Meltdown and Specter.
In theory, these security holes could be exploited by attackers to gain access to data, passwords, files, and other personal information on a device.
What it is?
These vulnerabilities are described by computer security experts as follows:
Meltdown and Specter exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data that is currently being used on the computer. While programs usually do not have access to read data or other programs, malware can use Meltdown and Specter to gain access to secret data stored in the memory of other running programs. The list of such data may include passwords from a password bank or browser, personal photos, emails, messages from instant messengers, and even confidential business documents.
Meltdown and Specter run on personal computers, mobile devices, and the cloud. Depending on the infrastructure of the cloud storage provider, data from other users could be stolen.
Of course, the security breaches that affect virtually all computers in the world are extremely disturbing news. Apple acknowledged the indicated issue and updated the support page with the following information:
All Macs and iOS devices are at risk, but at the moment there are no reports of infection of our users. Considering that the exploit in most cases requires the installation of an infected application on your computer or mobile device, we recommend downloading applications only from trusted sources – which is App Store.
So what should you do? How can you protect yourself and your information from these vulnerabilities?
How to protect against Meltdown and Specter
The easiest way to avoid potential issues with Meltdown and Specter vulnerabilities is to follow these guidelines to secure your computer or mobile device:
- Avoid software of unknown origin and do not download programs from unverified sources.
- Please use an updated web browser that contains a patch for the indicated security holes.
- Install appropriate security updates and / or system updates when they become available for your device or computer.
By the way, these are good tips for anyone who is worried about the security of their Mac or iOS device. So we recommend that you continue to follow them even after the threat of Meltdown and Specter is eliminated. Therefore, let's go over each of the points in a little more detail.
1. Avoid suspicious sites and downloads
Never download apps or anything else from suspicious-looking sites. In general, refusing to download potentially dangerous software can protect you not only from Meltdown and Specter, but also from any malware and just junk.
Don't settle for downloading files that you didn't ask for. Never install an application downloaded by mistake, and always pay attention to the description in the installer: is the program listed in it? Always download and buy software only from trusted sources – from the developer's site, trusted software vendors (these include, for example, Steam and Humble Bundle) or from App Store.
2. Update your browsers
Another potential attack source is a web browser. Fortunately, the most popular browsers have either been updated (or will be updated soon) to prevent potential security issues:
- Firefox version 57 and higher – already updated
- Chrome 64 and later – patch will be included in the January 24 update
- Safari – coming soon for Mac, iPhone and iPad
As for users Windows, then Microsoft Winfows 10 and Edge browser have already received the necessary patch, updates for other versions are also planned. Latest versions Android also got an update from Google.
If you are concerned that your browser has not yet received the security patch, you can temporarily switch to Safe Browser until the developers take care of your primary browser. For example, you can download Firefox 57 or newer for a few days until Safari or Chrome is updated.
3. Install security and / or system updates when they become available
You need to make sure your device is receiving the required security updates. You can also achieve this by updating the operating system to the latest version. Apple reports that it has already taken the first steps to get rid of Meltdown and Specter in the following versions:
- iOS 11.2 and newer on iPhone, iPad, iPod Touch
- macOS 10.13.2 High Sierra and later on Mac
- tvOS 11.2 and newer on Apple TV
It is not yet clear if Apple will release separate security patches for older versions of macOS, but in the past Apple has often done so. For now, we can only hope that macOS Sierra 10.12.6 and Mac OS X El Capitan 10.11.6 will be protected from Meltdown and Specter in the next updates, given that not all Mac users can (or want) to upgrade to High Sierra for one reason or another.
Finally, note that Apple Watch and watchOS were not affected by this issue.