Latest Security Vulnerability Spectre & Meltdown
We start the year with a security vulnerability that exposes nearly everyone. Pretty much anything with a chip on it- computers, mobile devices, all software platforms Windows, iOS, Chrome, and Android to thermostats and baby monitors. Passwords, proprietary information, and even encrypted communications can be uncovered. Meltdown and Spectre will continue making 2018 headlines.
Let’s break it down
Meltdown and Spectre are flaws at the architecture level.
Meltdown affects every Intel and Qualcomm processor and ARM chip made after 1995. Meltdown is a bug that could allow an attacker to read kernel memory (the protected core of an operating system). It handles the memory and input/output device functions like keyboards, monitors, printers, speakers, and touchscreen.
Spectre affects Intel, AMD, ARM, and Qualcomm processors, exposing pretty much anything with a chip which broadens its reach to include mobile phones, voice assistants, game consoles, thermostats, and baby monitors to name a few. Spectre tricks applications into accidentally disclosing information that would normally be safe inside their protected memory area.
Can it be fixed?
Intel has released patches for Meltdown processors and is working with numerous manufacturers like Apple and HP to distribute them. Patches are already available for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux.
Spectre is far more difficult to patch. Browsers like Chrome, Firefox, and Edge/Internet Explorer all have preliminary Spectre patches.
Want to learn more?Listen to our latest webinar on Meltdown and Spectre >>
What can business do?
Follow the 3-2-1 best practice for backup and recovery. Keep at least three copies of your data. That includes the original copy and at least two backups. Keep the backed up data in two storage types. And keep at least one copy offsite.
Having good backups doesn’t prevent hackers from targeting these vulnerabilities, but it can certainly give you the peace of mind by being able to restore to an environment without vulnerabilities.