Meltdown and Spectre are two major flaws in computer processors that leak sensitive data and passwords. These bugs could be exploited by cyber criminals to steal your sensitive data.
These flaws have existed in modern processors for 20 years, but it was recently discovered that virtually all computers and mobile devices are affected by the bugs.
What Do Meltdown and Spectre Do?
According to the original research publication:
“Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”
“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.”
For further reading, visit https://meltdownattack.com/.
Are Attacks Happening Now?
Not yet, but expect them to start soon.
Most experts agree that although there is no evidence of hackers exploiting these vulnerabilities yet, it will only be a matter of time before attempts are made.
What Should You Do About It?
Make sure that all of your computers, including smartphones, are updated as soon as possible. Use precaution when receiving suspicious emails or browsing the internet, and avoid side loading apps onto your smartphones from third party sources.
Check Microsoft, Apple, Google, Antivirus Vendors, and other providers for the latest information. Microsoft, Apple, and Google have all released patches to help mitigate bugs.
Due to the nature of the security updates, your AV software could cause problems so make sure to check compatibility with them as well.
What Is CBC Doing?
We are verifying with our vendors that they are mitigating the risks. We are testing and deploying updates on our systems as well.