As OS developers work to release security patches, here’s what businesses need to know.
While bugs and vulnerabilities are generally known to be affecting the software or the operating systems on computers, two new vulnerabilities have since been detected which are related to the processors fitted on almost every system running to date.
These vulnerabilities, given the names Meltdown and Spectre, are highly threatening to the security of mainstream operating systems.
That’s why Apple and Google are working on releasing patches that can take care of these vulnerabilities.
The problem is serious for every type of user, but it’s especially resonant among businesses.
Since the flaws have been linked to operating system hardware, the Meltdown and Spectre vulnerabilities cannot be eliminated so easily.
The only way one can be sure that they are no longer facing any risk is when the new sets of chips are manufactured and devices are fitted with them.
Until then, only the correctional patches will take care of the handicap in most devices.
These vulnerabilities have not spared even high-end servers used by large corporate giants like Google and Amazon. And in terms of the operating system, Windows, iOS and Linux are all equally at risk.
In fact, Apple has publicly acknowledged that all Mac and iOS devices have been affected by Meltdown and Spectre.
Spectre More Hazardous
Of the two vulnerabilities, Spectre is being considered by experts as more threatening since there is no way for the manufacturers of PCs, desktops and laptops to mitigate the issue.
The processors are already made and cannot be repaired as they’re fitted onto the machines.
As mentioned, the chip makers will have to go back to their design table to rework hardware. But that is a long haul and until then, the tech industry is scrambling to issue updates and patches to protect the users of these devices.
Hackers Can Also Advance Their Techniques
But the users, whether corporate or individual, have to understand that there will be a parallel activity at the end by hackers and other unscrupulous elements waiting to strike.
They’re likely using the Spectre vulnerability to find ways of breaking into systems.
Cybersecurity experts admit that it’s more difficult to exploit a hardware vulnerability like Spectre than it is to exploit a software bug. But this is where it will be critical to be wary of what hackers are up to.
More on Meltdown
As far as the other vulnerability is concerned, Meltdown has been detected in Intel chips manufactured post-1995 and there are remedy patches available for the major operating systems in use.
However, there is a possibility the affected computer might be slowed down once these patches are deployed. The speed of the machine may be down by as much as 30 percent, according to one estimate.
A company like Intel, however, does not think the extent of the slowdown could entirely drastic. According to a press release from Intel, an average computer user may not experience such a serious drag.
The company has advised users to check with their operating system supplier—depending on whether your system is Windows, Mac or iOS-run—and update with the patches available.
OS Companies Defer on the Vulnerabilities
As indicated, Apple has acknowledged the existence of the Spectre and Meltdown vulnerabilities and has issued a statement that all its affected devices operating on iOS 11.2, macOS 10.13.2 and tvOS 11.2 have been provided with the updates to defend against Meltdown.
The company has also stated that they will keep releasing updates in future to address these and other vulnerabilities.
Additionally, Microsoft has also released updates to the related products.
The company confirmed that it is working with the chip makers Intel, AMD and Arm to ensure that their chip-related vulnerabilities are directly addressed.
Most of the other companies involved with the situation, directly or indirectly, have also issued appropriate statements, assuring their customers that the detected vulnerabilities are within their grasp to ensure their devices are protected.
Meanwhile, businesses will have to stay alert to the vulnerabilities in their systems.
They should contact their operating system developer and obtain the necessary updates to remain protected from security threats.