These exploits take advantage of the inherent design flaws in CPUs that allow programs and code to access privileged memory of a processor. I’ve written about in more detail in my previous article, so I won’t be digging deep in this Meltdown and Spectre protection. While there aren’t any reported instances of this dangerous attack in real-world scenarios, the flaw is too big to be ignored.
Meltdown and Spectre protection for PC and smartphone:
As expected, tech companies are already pushing out updates for Meltdown and Spectre protection and you can find them mentioned below:
Note: Most of these updates and advisories deal with fixing Meltdown flaw. As per the researchers, Spectre flaw exploit is largely unknown, and it’s more difficult to exploit and fix. It might need a processor redesign and hardware changes.
Microsoft has pushed updates for Windows 7, Windows 8.1, and Windows 10 operating systems. They are available for download, and you’re strongly advised to check Windows Update and install them.
However, not everything is expected to go smoothly here. Microsoft has said that many antivirus products aren’t compatible with the latest update. Moreover, Microsoft hasn’t told that which security software are incompatible; so, there’s that.
Thanks to an updating spreadsheet shared by security researcher Kevin Beaumont, you can find out incompatible antivirus. You can check it out and make the incompatible software work.
That’s not all. You also have to ensure that you have the latest BIOS update from your PC manufacturers like Dell, HP, Lenovo, etc., which could be found on your PC OEM website. Here’s an Intel link to make this process easier.
Microsoft and Intel have released a simple PowerShell tool to see if you’ve firmware and Windows updates installed to ensure Meltdown and Spectre protection.
Linux kernel developers have been actively working on the fixes for Meltdown for months, and Linux kernel patches are now available. Many distributions have the patches available and others are working to release them at the earliest. So, you’re advised to read advisories released by your distro vendor and update your CPU firmware as well.
To be specific, Ubuntu users can expect updated kernels from original embargoed disclosure date, i.e., Jan 9, 2018. Updates will be available for following kernels:
- Ubuntu 17.10 (Artful) — Linux 4.13 HWE
- Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
- Ubuntu 14.04 LTS (Trusty) — Linux 3.13
- Ubuntu 12.04 ESM** (Precise) — Linux 3.2
Apple has already released the patch to protect your Macs and iPhones from meltdown attack. The patches were released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. So, you’re advised to install these updates if you’re running behind the schedule.
Apple Watch is not affected by Meltdown. In the upcoming days, Apple is also expected to release a Safari fix against Spectre. The company further plans to push more Meltdown and Spectre protection updates in upcoming releases of iOS, macOS, and tvOS.
Since Google was the one discovering the flaw and disclosing, the company has the most detailed response and advisory on the web. If you’re a G Suite and Google Cloud customer, you’ve already been protected against the attacks.
For Android, Google has pushed the fix in January security patch for its own Android devices on January 2. If you’re running a non-Google smartphone, you’ll have to wait for the patches. It’s ironical that Google is the company that disclosed the flaw and many Android-running devices will be deprived of any patches due to their broken update delivery model.
In Chrome OS version 63 released on December 15, the flaw was patched. A patch for Chrome web browser will be released with Chrome 64 on January 23. You can also choose to turn on Site Isolation feature till then. Please note that it uses more memory.
Mozilla has also pushed latest browser updates to fix the issue. Don’t forget to install them to ensure Meltdown and Spectre protection.