Meltdown and Spectre (2018 January 4)
You may have seen news reports of computer processor vulnerabilities Meltdown and Sceptre.
You may have seen news reports of computer processor vulnerabilities Meltdown and Sceptre (What is it with hacks and doomy names? Why can't we have a vulnerability called Kittens or Forgetmenot? Hrumph.). If fully exploited, these vulnerabilities could cause significant damage.
If your OS – be it macOS, Windows or Linux – offers updates now or in the next few days, please don't delay in applying them.
There are no other actions necessary, or indeed possible, short of permitting such kernel updates when you are offered them.
For more notes, see:
- Press: Guardian and BBC
- imore (this is nominally about the vulnerabilities as they affect macOS and iOS machines, but it's a moderately technical article which provides details which are relevant to the other OSs, too -- there's not a lot of inter-OS difference in this case).
- Google Project Zero: If you want the gory details (which are quite entertaining, if you like that sort of thing), then Google's announcement is authoritative.
Status of mitigations:
- macOS: Apple has released mitigations for some of its OSs – namely iOS 11.2 and macOS 10.13.2 (sc, ‘High Sierra’), but not yet for 10.12, as of 7 January. These will appear in App Store.
- Windows: there are patches available for Windows 10, Windows 8.1, Windows 7 and Windows Server 2008. These should be automatically enabled on the desktop OSs.
- Linux: there are patches available for Ubuntu, Fedora, RedHat/CentOS and Debian.
- Android: these are based on ARM processors, so should be less vulnerable; you should nonetheless accept any available updates promptly.