Security researchers at Google Project Zero have recently announced two new major security issues, known as Meltdown and Spectre, that apply to all modern processors (CPUs – central processing units) and affect nearly all devices and operating systems.
This means that almost all computers, laptops, tablets, phones, etc. are affected. Currently no known exploits of these security issues have been reported. Microsoft, Apple, Google, etc. are actively working to issue patches to mitigate this exploit.
The Meltdown and Spectre security issues take advantage of the speculative execution feature in all modern processors. In simple terms, speculative execution is a feature that improves overall performance of a CPU by speculating as to what the application or operating system will do next. Speculative execution works in a highly protected space in the CPU. This area is not normally available to applications. These exploits have the potential to allow malware to circumvent these protections to expose nearly any data that passes through the CPU (passwords, encrypted communications, proprietary information, etc.)
Recommendations and Mitigations
Intellithought recommends end users keep their devices (PC, Mac, laptop, tablet, phone) updated with the latest security patches. Use a reputable anti-virus product (such as the anti-virus/anti-malware software available as part of Intellithought’s Phoenix Remote Monitoring and Management service) and keep the software up to date. Apply caution when visiting web sites or receiving emails from unknown senders, especially if the web site or email sender is requesting to install software.
Intellithought will be installing the necessary Microsoft Windows patches, when available, for those customers who utilize our Intellithought Phoenix Monitoring and Management service.
All customers should check for availability of updates on their mobile devices. Please contact Intellithought at firstname.lastname@example.org should you require any assistance with making certain that your computers and mobile devices are secure and up to date.
For further information please see the announcements from Microsoft and Apple.