USA TODAY International Edition

Big computer security flaw has hidden value

- Rob Pegoraro

Learning that almost every computer you own suffers from a vulnerability stretching back decades can be the stuff of existential electronic dread.

But while the processor flaws called “Meltdown” and “Spectre” that could let an attacker start to snoop on the most secure contents of your device’s memory are spookier than the average glitch, your odds of getting hit by them are much lower than your chances of being targeted by less exciting but more common hacking tactics.

The relative good news: All the security chores users should do to protect against these risks, which affect nearly all PCs, Macs and many smartphones — starting with letting your computer and phone install security updates automatically — will help protect against those more ordinary dangers, too.

In one way, this situation is better than other software bugs. The researchers who discovered these problems began notifying the companies involved last summer, so some patches for them arrived weeks before the public disclosure Wednesday and others arrived within two days of that news.

❚ Mac, iPhone and iPad users: Apple included code mitigating Meltdown — the bug confined to Intel chips, which is both easier to exploit and easier to patch — in updates to iOS 11 and macOS High Sierra that shipped in December. It says it will deliver a patch for the mobile and desktop versions of its Safari Web browser “in the coming days” for Spectre, a more complicated vulnerability that affects AMD and ARM chips as well as Intel’s, to complicate a hostile site’s attempts to attack that flaw.

❚ Microsoft users: Microsoft shipped its patch for Windows 10 as well as its Internet Explorer and Edge browsers Jan. 3 via its automatic Windows Update system, with patches for older versions coming next week.

❚ Android, Chrome users: Google patched Android against Meltdown and Spectre in January’s security updates, which should be on their way to your phone if they haven’t already landed. The catch: Too many Android device vendors remain terrible at keeping up with Google’s updates. Google will also ship an update to its Chrome browser in January to obstruct attempts to exploit these flaws.

❚ Firefox browser users: Mozilla Firefox shipped an update Thursday that includes fixes to jam Meltdown or Spectre exploits.

While you’re tinkering with browsers, you should also take advantage of this opportunity to dump outdated and unsafe browser plug-ins such as Adobe Flash.

AP FILE PHOTO As scary as Meltdown and Spectre may seem, they don’t represent the first time we’ve had to clean up a computing mess — and probably won’t be the last.
