Hacked off ? Here’s what you need to know about malicious Meltdown and Spectre bugs
Q How do they work? A The bugs, which have been dubbed Meltdown and Spectre, involve malicious software gaining unauthorised access to a device’s memory or to another program by exploiting the way that computer processors – the central brains of a computer – handle tasks.
A device needs to be infected for this to happen, but this can be as easy as luring a user to a website running malicious code.
If the flaws are exploited, hackers can steal sensitive data like passwords, photographs and emails. Q Can they be fixed? A
Not easily. While many security holes are routinely dealt with by applying software updates, these are more worrying. Because they relate to the way the software works with the physical microchips: the only way to fully fix the bugs would be to replace the processors themselves with new ones.
The best that technology companies can do is to partially “patch” the problems to mitigate the ways the bugs are exploited.
However, it may take years until current hardware is phased out and safe replacements introduced. Q What can I do about it? A Consumers and businesses should check to see if their devices and software are up to date and apply updates as soon as they become available.
In the meantime, internet users should be extra vigilant about visiting untrustworthy websites or installing unauthorised programs. Q
Why do we only know now? A
Security researchers discovered the flaws and disclosed them last year to chip makers Intel, ARM and AMD, as well as technology companies. They have been working to create a fix. The flaws emerged this week on a technology website, before the planned release of the news.