
Thanks to an enormous security flaw, almost all the computer processors in the world are vulnerable to attack. Problems with processors built by Intel, AMD, and ARM are letting attackers access areas of your computer’s memory that ought to be secure. Fixing this problem could lead to slowdowns of up to 30 per cent. But don’t panic just yet – with a few updates, your computer should be just fine.
The bugs are called Meltdown and Spectre, and they exploit a process called “speculative execution”. This step allows a processor to predict what tasks it will have to execute and fetch the data that it will need ahead of time, speeding up tasks on your computer.
This can leave ostensibly secure data unprotected and allow programs to access the computer’s kernel, which has control over the whole system, without the usual security checks.
Advertisement
This could give software unlimited access to all the information on your computer. “It would be possible — we don’t know for sure — that code running in a web browser could access kernel memory directly, which would be of itself very bad and also subvert a lot of other protections against other possible weaknesses,” says at the University of Birmingham.
Getting rid of the bug
Computer firms are scrambling to come up with patches to protect computers against Meltdown, the more immediately dangerous of the two bugs.
Apple to mitigate the risk for its computers, phones, and smart TVs, all of which are affected. Patches for other operating systems like Linux and Windows are available too. Intel has also .
So no need to chuck your computer and smartphone out the window – if you want to keep your private information on your devices safe, install all the software updates you can on all the programs and apps that you have.
Because the patches will need to ditch fast data retrieval from the kernel in favour of a more secure but slower process, these updates may slow down certain functions on your computer by 5 to 30 per cent.
But , Intel dismissed reports that processing power will slow dramatically for anyone but major cloud computing firms. “Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” the statement said.
Spectre is harder for attackers to exploit than Meltdown, but that also means it’s harder to fix and might require a physical redesign of the processor rather than just a quick software update.
For now, it’s best just to update everything you can – and don’t install any programs you don’t completely trust. “This attack doesn’t allow a malicious actor to just waltz into a machine and do things: they have to be invited in first,” says Batten. “But that’s not a high barrier: getting a user to install and run an unprivileged program is not hard.”