Recently, the internet went into meltdown after news of vulnerabilities found in the architecture and design of microprocessors built by Intel, AMD and other manufacturers. The vulnerabilities, named Spectre and Meltdown and first discovered by researchers at Google’s Project Zero, could potentially be exploited to allow attackers to access memory and data stored in the cache of a computer’s CPU.
Because the flaw is inherently within the chip’s physical design, no quick-fix is available, and the vulnerability can only be completely overcome by Intel rolling out millions of product recalls and replacing the microprocessor in virtually every machine on the planet. There are processor chips in everything – laptops, desktops, smartphones, tablets, and servers – so a worldwide product recall is unrealistic, and shudderingly expensive.
Until this generation of processors is replaced – either by individual users choosing to go back to their manufacturer for firmware updates, or just buying a new machine with a, hopefully, faultless chip – the Meltdown and Spectre vulnerabilities can’t be truly fixed. There is, however, a workaround for Meltdown. As yet, no fix for Spectre is possible.
When news broke, providers of operating systems and web browsers from Microsoft to Mozilla rushed to find and implement patches to their systems and services to keep their users safe from the vulnerability, should anyone choose to weaponise it (which no one reportedly has – yet).
Meltdown patches – Linux
As is often the case due to their open source nature, the Linux operating systems were first to release patches that worked around the Meltdown and, in some cases, Spectre vulnerabilities.
On January 9th the Linux distribution Ubuntu began to release kernel updates to mitigate from Meltdown. Although some older versions of Ubuntu are still vulnerable, updating your operating system should keep you protected. Debian and CentOS also released updates to their operating systems that mitigate Meltdown. Although, Red Hat had to rollback an update that caused machines to be unbootable.
Visit our support site for more help with mitigating Meltdown and Spectre from your Linux machine.
Meltdown patches – Microsoft
Microsoft also had a troubling time releasing patches for their Windows operating systems. After releasing the initial workaround patch, Microsoft began to receive increased reports of crashing machines and the ‘blue screen of death’ for customers running AMD chips. When these reports started to come in Microsoft also recalled the update, and have since re-released a version that doesn’t cause computers to stop working. Users who had installed the faulty update and were left with blue screens had to roll back the update and re-install the new one to get their computers working again.
Microsoft’s patches for its Internet Explorer and Edge web browsers went a lot smoother, and are available for users to update ASAP.
Visit our support site for more help with mitigating Meltdown and Spectre from a Windows machine.
Meltdown patches – Apple
Apple were quick to release patches to macOS for computers, iOS for smartphones, and for its Safari web browser. Patches for Meltdown were released in December, with follow-up patches for the more complicated Spectre vulnerability released early-January. The company said in a statement “There are no known exploits impacting customers at this time,” which is good news for Apple users.
Meltdown patches – Google
An anti-Meltdown update was released for smartphones running Google’s Android mobile operating system, but a patch for the Chrome web browser won’t be released until January 23rd, which, considering it was Google researchers who found the flaw, is significantly later than their competitors.
Until then, Google suggest enabling site isolation within the browser as a solution in the meantime.
Meltdown patches – Mozilla
Immediately, Mozilla gave the same stopgap advice about site isolation for its Firefox web browser, until the update became available to download in early January.
For now the best way for users to stay safe from these vulnerabilities is to update their operating system and web browser of choice. For more information on how to keep your machines up to date, visit our support site.