Skip to content

Trending tags

Meltdown and Spectre: Two things you need to know

Adam Pilkey

04.01.18 2 min. read

We’re only four days into 2018, and cyber security is already dominating headlines. Earlier today, multiple news outlets reported on the discovery of vulnerabilities in chips from Intel, AMD, and ARM.

The vulnerabilities – dubbed Meltdown and Spectre – are fairly serious. An attacker can use them to steal all kinds of information, including things like passwords, encryption keys, user data, and more. And the vulnerable chips are used in many devices. For example, the BBC reports that Intel chips are used in 80 percent of desktops and 90 percent of laptops.

In practical terms, the widespread use of the vulnerable chips means the issue affects nearly everyone.

With that being said, the situation is not serious enough for you to throw your devices out the window and stop using the internet. Here’s a couple of things end users should keep in mind.

Nobody’s exploiting these vulnerabilities…yet

As of now, there are no reports of actual attackers exploiting these vulnerabilities. And that’s good. Everything known so far is based on information and proof-of-concepts published by security researchers.

However, that doesn’t mean that attackers won’t use them in the future, so it’s important for people to be aware of and take steps to protect themselves.

Which brings up the second point…

Updates are on the way, but things could get messy

Fixing vulnerabilities in chips with software isn’t easy. But that’s what’s happening now. Many operating systems already have updates available. But updates can be messy. For example, Microsoft announced today that its update may have compatibility issues with some antivirus software (F-Secure has already updated our products to ensure they’re compatible), which can delay the update process for end users.

According to F-Secure’s Chief Technology Officer Mika Stahlberg, mitigating the vulnerability can have far-reaching consequences, potentially making Meltdown and Spectre impactful even if they’re never used by attackers.

“What makes these vulnerabilities so interesting and dire is the fact that they’re about CPU optimization. Securing this logic requires hardware changes or changes to related software logic — both of which can hurt performance and increase cost of computing,” says Mika. “The impact on operating environments alone could be enough to make these the most expensive vulnerabilities in history, even if there are no real world attacks.”

Adam Pilkey

04.01.18 2 min. read

Categories

Comments

4 comments on Meltdown and Spectre: Two things you need to know
  1. Friedrich Obermaier says:

    Hello,
    what would be most intersting for me (and for my customers) is the question, whether f-secure Antivirus software (PSB) would be able to detect and block attacks via Meltdown and Spectre.
    Regards,
    Friedrich

  2. Jason says:

    Yes, all of our products have been updated against the vulnerability.

  3. AD says:

    Please also clarify below:

    [1] Is F-Secure compatible with Microsoft Patch released for this vulnerability?

    [2] What all versions of F-Secure AV are tested for compatibility with MS Patch for this vulnerability?

    [3] Does F-Secure auto -updates the registry settings as done by other AV vendors or require manual update by us?

  4. Jason says:

    1) Yes.
    2) All of our AV products.
    3) We updated the registry settings.

Comments are closed.

Leave a comment

Oops! There was an error posting your comment. Please try again.

Thanks for participating! Your comment will appear once it's approved.

Posting comment...

Your email address will not be published. Required fields are marked *

Highlighted article

Attack Landscape of 2018, So Far

Melissa Michael

06.09.18

3 min. read

Related posts

Newsletter modal

Thanks for subscribing to our newsletter!

Gated Content modal

Congratulations – You can now access the content by clicking the button below.