Companies like Apple and Microsoft are rolling out fixes to protect against Spectre and Meltdown, two major flaws found in most computer chips that affect processors.
If you haven’t already, you’ll want to take action to protect your devices.
Researchers recently discovered these issues and unveiled the two-decade old flaws on Wednesday. The flaws affect modern processors including Intel (INTC), AMD and ARM that use “speculative execution” to enhance performance. Fixing the problems may slow a computer’s performance, experts say, especially on devices more than five years old.
Considering the issues affect virtually all processors, your computer and smartphone are likely impacted.
Some companies knew about the flaws ahead of the public release and got fixes ready, but they aren’t all available yet.
For now, there’s only one thing you can do: Update your devices and browser software when the updates are made available.
The good news is researchers and companies said there is no evidence of these flaws being exploited in the wild. However, it would be difficult to determine if a computer has been exploited because there doesn’t appear to be records saved in computer log files. It’s also not clear how easy it would be to exploit these flaws.
The vulnerabilities could allow a hacker to steal your passwords and other sensitive information.
Fixes: Available for iPhones, iPads, Macs, and Apple TV. Coming for Safari.
Apple (AAPL) said late Thursday all its Mac and iOS devices are affected by Spectre and Meltdown. The company already released mitigations against Meltdown in its most recent versions of iPhone, iPad, Mac, and Apple TV software. It is working on updates for Safari to protect users against Spectre and expects to release them “in the coming days.”
Check “Settings” on your iPhone and iPad and “Updates” in the Mac App Store to make sure your devices are up-to-date.
The Apple Watch is not affected by Meltdown or Spectre.
Fixes: Released for Android, Google Cloud, and pending for Chrome.
Android software released this week includes mitigations. People with Google-supported Android phones including Nexus and Pixel devices will get that update, but others will have to wait for security updates from their manufacturers. Google released those changes to its Android partners last month.
The next Chrome browser update to be released on January 23 will contain fixes. A fix was included in Chrome OS 63 in December, so up-to-date Chromebooks received protection. However, Google has a list of computers that won’t receive the update because they are older models.
Fixes: Released on Windows, servers, cloud, and Edge and Internet Explorer browsers.
Microsoft also provides guidance for consumers on its website.
The company already released updates for Windows 10, Windows 8.1, and Windows 7 operating systems. If you don’t have automatic updates turned on, go to Windows Settings to manually update.
However, you need to make sure your antivirus provider is compatible with the update. As tech website Cyberscoop reports, some computer security companies are scrambling to reconfigure their software so it works with Microsoft’s update.
PCs also require additional hardware protection, so companies will be issuing firmware updates. Microsoft (MSFT) said users should check with their computer manufacturers for more information.
The latest versions of Microsoft Edge and Internet Explorer include fixes for the bugs.
The most recent version of Firefox contains a fix for these flaws.
CNNMoney (San Francisco) First published January 5, 2018: 4:16 PM ET