AMD

Earlier this month, computer security expects dropped a bombshell on the internet. A pair of vulnerabilities titled Spectre and Meltdown that date back to 1995 were putting a wide variety of computers, smartphones and internet browsers at risk.

Since then, companies like Microsoft and Apple, along with chip-makers like Intel and AMD, have been racing to release patches, but it hasn’t been the smoothest process. Over a week later, the effort to fix these exploits is far from finished. Here’s a rundown of what you need to know about the state of Spectre and Meltdown patches.

What Are Spectre and Meltdown?

If you’re still a little unclear about what these exploits actually do, here’s a quick explanation.

Spectre and Meltdown both rely on something called “speculative execution,” which is when your computer tries to guess what you’ll do next so it can perform that task faster. Because of the way this data is stored, it creates a vulnerability that could give hackers access to other private information on your computer.

Meltdown primarily affects Intel processors, which power a ton of computers including Apple’s MacBook lineup. Spectre, which actually refers to two separate vulnerabilities, can affect chips from Intel, AMD and ARM. That covers desktop computers as well as smartphones.

The Current State of Patches

For the most part, major companies like Google, Microsoft and Apple were able to get out ahead of these vulnerabilities before they were publicly announced. Apple released patches with macOS 10.13.12 and iOS 11.2 back in December. Earlier this month, Apple also patched its Safari browser with a new update. So as long as you’re running the latest Apple software you should be safe.

Microsoft’s efforts haven’t gone quite as smoothly. The company was actually forced to recall some versions of its patch, including the one for AMD chips, after they stopped some computers from working.

On the plus side, Microsoft already patched its Internet Explorer and Microsoft Edge browsers, and the company says Windows 10 is safer from Spectre and Meltdown than Windows 8.1 or 7. So it may finally be time to update your operating system if you haven’t already.

Google also released a fix for Spectre called Retpoline, and the company says a patch for its Chrome browser is coming on January 23. In the meantime the company suggests turning on site isolation as a stopgap solution. As for Android, Google claims that the latest version of its software is safe from Spectre, but if your device is too old to get the update you’re basically on your own.

Finally, if you’re using a Firefox browser there’s a patch for you to download, though the company also recommends enabling first-party isolation for extra protection.

What to Look Out For

If you’re still waiting for a patch to protect you from Spectre and Meltdown, there are a few things to watch out for.

Some hackers are already taking advantage of the situation to spread fake updates that actually install malware on your computer. It already happened in Germany, with phony emails designed to look like they were from a government agency. So don’t download any patches unless they come directly from a company you trust like Microsoft or Intel.

Ars Technica also warns that researchers are dangerously close to weaponizing Spectre and Meltdown, which means hackers are probably pretty close too. So if you’re still waiting for a patch, keep an eye out for any official updates that could keep you protected before it’s too late.

Read More


Meltdown and Spectre

Meltdown and Spectre. Vulnerabilities in modern computers leak passwords and sensitive data. Meltdown and Spectre exploit critical vulnerabilities in modern processors.

Spectre (security vulnerability) - Wikipedia

Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. On most processors, the speculative execution resulting from ...

Spectre and Meltdown Attacks - Schneier on Security

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side ...

GitHub - Eugnis/spectre-attack: Example of using revealed ...

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

New Spectre-like attack uses speculative execution to ...

The new attack is a natural counterpart to this original Spectre array bounds attack. The difference is that, instead of attempting to read an array element that doesn't exist, an attempt is made to write an array element that doesn't exist. Writing beyond the extents of an array is a well-known attack method, known as a buffer overflow.

Spectre-like attack exposes entire contents of Intel's SGX ...

Researchers at Ohio State University have created the SgxPectre attack, which is capable of reading all the contents of Intel SGX-powered secure enclaves.

New Spectre Attack Surfaces as Intel Rolls Out New Patch ...

New variants of Meltdown and Spectre are still surfacing as Intel plans to move to an extended release cycle for ...

Spectre Bug aka Spectre Attack - What you need to know ...

What is the Spectre bug aka Spectre attack? Like the Meltdown bug, the Spectre bug is a hardware bug in the form of a CPU design flaw. Unlike the Meltdown bug which only affects Intel processors, the Spectre bug impacts Intel, AMD, and some ARM (used in many smart phones and other mobile devices) processors.

Google and Microsoft Reveal New Spectre Attack

Security researchers from Google and Microsoft have found a new variant of the Spectre attack that affects processors made by AMD, ARM, IBM, and Intel.

Spectre attack explained like you're five

Find out how a typical Spectre attack works in this video that simplifies the code & concept behind it. Even though there are many pre-requisites to explain how ...

Stanford Seminar - Exploiting modern microarchitectures: Meltdown, Spectre, & other hardware attacks

EE380: Computer Systems Colloquium Seminar Exploiting modern microarchitectures: Meltdown, Spectre, and other hardware attacks Speaker: Jon Masters, ...

Spectre Demo and Practical Malware Analysis

Demo of Spectre Attack on Ubuntu, and then a Practical Malware Analysis workshop, from a WASTC conference at Cisco on Jan 4, 2018 ...

Spectre

$12.99
1 new from $12.99
Set It Now
Amazon.com
as of September 19, 2018 6:02 pm

Features

ActorDave Bautista; Monica Bellucci; Daniel Craig; Ralph Fiennes; Naomis Harris
Audience RatingPG-13 (Parents Strongly Cautioned)
BindingPrime Video
CreatorJez Butterworth; John Logan; Neal Purvis; Robert Wade; Barbara Broccoli; Michael G. Wilson
DirectorSam Mendes
GenreAction/Adventure
Product GroupMovie
Product Type NameDOWNLOADABLE_MOVIE
Release Date2016-01-22
Running Time148
StudioMGM
TitleSpectre

Spectres

Set It Now
Amazon.com
as of September 19, 2018 6:02 pm

Features

ActorFrank Daniel Craven
Audience RatingNR (Not Rated)
BindingPrime Video
CreatorDan Barrios
DirectorDan Barrios
GenreThrillers
Product GroupMovie
Product Type NameDOWNLOADABLE_MOVIE
Running Time83
StudioSpartan Films
TitleSpectres

Spectre

$0.99
1 new from $0.99
Set It Now
Amazon.com
as of September 19, 2018 6:02 pm

Features

BindingMP3 Music
CreatorAlan Walker
Genredance-and-dj-music
LabelNCS
ManufacturerNCS
Product GroupDigital Music Album
Product Type NameDOWNLOADABLE_MUSIC_ALBUM
Publication Date2015-01-06
PublisherNCS
Release Date2015-01-06
Running Time230
StudioNCS
TitleSpectre

65W Type-C AC Charger Power Supply Adapter Cord For Apple Macbook/Dell/Xiaomi air/Huawei Matebook/HP Spectre/Thinkpad Nintendo Switch, Type C laptops, Type C Smart Phones (black)

$26.99
2 new from $15.00
1 used from $ 19.99
Free shipping
Set It Now
Amazon.com
as of September 19, 2018 6:02 pm

Features

  • 【Advanced Technology Fast Charge】: Its advanced technology automatically detects and delivers voltage and current based on your devices needs. Features the user-friendly Type C reversible connector for worry free connection at any orientation. Great for the travel, home or office.
  • 【Protection Features】: A new generation of Synchronous Rectifier controller ICs is used to obtain under-voltage protection and internal over-temperature protection. Its high level of integration allows the design of a cost-effective power supply with a very low number of external components. It passed the UL / CE / FCC / RoHS testing and was made with the highest quality materials.
  • 【Rated Power】: 65W, Input: 100V-240V 50-60Hz, Output: 5V/3A, 9V/3A, 12V/3A, 15V/3A, 20.3V/3A, 20V/3.25A 65W. Connecter Size: USB Type-C. Quick Charge, Slim, lightweight design, Simplifies storage.
  • 【Compatible models】Great Replacement Up to 65W Charger for Apple MacBook/Pro, Lenovo, ASUS, Acer, Dell, Xiaomi Air, Huawei Matebook, HP Spectre, Thinkpad, Razer, Google, LG, New Nokia N1 tablet and Any Other Laptops or Smart Phones with the USB C
  • 【WHAT YOU GET】: One Llamatec Type C Adapter Charger and One 6ft usb c cable. And Llamatec provides 1 year Warranty, 1 month money return guarantee and 24H x 7 email support.

On Her Majesty's Secret Service

Set It Now
Amazon.com
as of September 19, 2018 6:02 pm

Features

ActorGeorge Lazenby; Diana Rigg
Audience RatingPG (Parental Guidance Suggested)
BindingPrime Video
DirectorPeter Hunt
GenreAction
Product GroupMovie
Product Type NameDOWNLOADABLE_MOVIE
Running Time142
TitleOn Her Majesty's Secret Service

Tomorrow Never Dies

$13.99
1 new from $13.99
Set It Now
Amazon.com
as of September 19, 2018 6:02 pm

Features

ActorPierce Brosnan (James Bond); Jonathan Pryce (Elliot Carver); Michelle Yeoh (Wai Lin); Teri Hatcher (Paris Carver); Joe Don Baker (Wade)
Audience RatingPG-13 (Parental Guidance Suggested)
BindingPrime Video
CreatorBruce Fierstein (Writer); Ian Fleming (Characters); David Arnold (Original Music); Barbara Broccoli; Michael G. Wilson
DirectorRoger Spottiswoode
GenreAction/Adventure
Product GroupMovie
Product Type NameDOWNLOADABLE_MOVIE
Release Date2012-09-25
Running Time119
StudioMGM
TitleTomorrow Never Dies