contador pagina web Saltar al contenido

Specter and Meltdown: all our tips for updating your PC, Mac, Android and iPhone

Put an end to the two biggest flaws in high-tech

Image 1: Specter and Meltdown: all our tips for updating your PC, Mac, Android and iPhone

Very recently, two security vulnerabilities responding to the names of Spectrum and Meltdown have been discovered. They could have gone completely unnoticed, like 99% of their colleagues that security experts discover daily. But it is not because it is really of the two biggest security breaches in the history of high-tech. They make individuals and businesses tremble, and rarely, in terms of IT security, we had seen that. If antivirus companies too often want to be alarmist – as we know, this is a maneuver generally intended to boost the sales of their solutions -, this time, it is rightly so.

But what is Specter and Meltdown, by the way?

  • Meltdown, which means collapse, is aptly named. This flaw makes any system that is based on speculative execution vulnerable? All current CPUs! Concretely, what is it? This technology allows a processor to proactively calculate multiple tasks that it may be able to perform. The big problem is that access rights in this kind of situation are not controlled. An exploit would therefore intercept all the data generated during a speculative execution, without the knowledge of course of the user.
  • Specter, for its part, provides access to a machine by acquiring administrator privileges. Again, a hacker could take control of a PC or smartphone, without the user even realizing it, and then steal all the information recorded or in transit in the device.

>> Antivirus: what is the best security suite?

What consequences?

For now, it is still a bit early to judge the real fallout from such a security breach: no real use of this exploit by hackers has yet been discovered. But nothing says that it has not already been done, and there is any probability that hackers are currently working on the implementation of malware exploiting the discovery of Meltdown and Specter. The consequences of such an exploit could be catastrophic: a hacker could completely take control of a computer, a smartphone or any connected object. He could elevate his privileges, install whatever he wants, and obviously steal all the data from the user without him noticing. But that could go even further, since in the worst-case scenario, some people already imagine that a hacker could take control of the computers of the administration, air traffic control, the army, etc.

Who is affected?

All devices based on AMD, Intel or ARM processors are affected. Clearly, the two flaws affect all computers and smartphones of the last ten or fifteen years, or even more. And it’s not just these devices that are affected, since all connected devices using such processors are affected: TV or connected speakers, game consoles, etc. Everyone is staying in the same boat. And no matter what operating system you use: whether it’s Windows, mac OS or Linux on your computer, or Android and iOS on your smartphone, these two flaws concern absolutely everything the world. So unless you are still using an Amstrad CPC or Commodore 64, it is almost impossible to escape it.

How to patch your computer or smartphone?

The solutions intended to counter Specter and Meltdown, although freshly born, are already multiple, as we will see in the following pages: updating the BIOS of the machine, the operating system, the browser or even the security solution? All manufacturers and publishers are on the warpath. In some cases, however, you will not be able to fill the flaw as it should be, especially if your processor or your motherboard are too old and they are no longer supported by the manufacturer. A very good example is that of Asus, which promises to provide a patch for 6th, 7th and 8th generation Intel CPUs, but not for the older ones, which are however equally affected by Specter and Meltdown.

However, once the patch is applied, the performance of your device could be affected. We are indeed announcing a loss of around 5 to 20% depending on the models and software used, or even more in a few rare cases.