Recent complex vulnerabilities in top-tier computer devices, iPhones, Windows PCs, Android devices and other gadgets have sent companies and individuals alike in a tailspin. A critical security flaw has been detected in processor chips that allow bottom barrel IT processes to have access to memory in the computer’s kernel – aka the most privileged IT process of the device.
Hackers could potentially exploit this issue giving them a clear path for installing malicious software to read memory through this new group of side-channel attacks and putting data, hardware and software at serious risk.
Here are the immediate steps you need to take to make sure your data and infrastructure are protected:
Make sure all your software on every device is up to date.
- Apple acknowledged on January 4 that all Apple devices were affected by one of the vulnerabilities – called Meltdown – but an update has been issued to fix these problems. For iPhones and iPads, visit Settings to make sure all devices are updated to versions 11.2. For Mac computers, look under “About this Mac” and look for version 10.13.2 or higher.
- Google’s open-source operating system makes patching a little more difficult. Google has announced they already protected their own line of Nexus and Pixel phones but have no control over how other manufacturers are receiving the fix. Users must turn on the “site isolation” feature, which is explained further on this Google support query: https://support.google.com/chrome/answer/7623121
- Microsoft has issued several patches that should update automatically to Windows operating systems. To make sure this has happened, visit the update history under Settings>Update & Security and look for Security Update for Windows (KB4056892).
Update your browsers.
- Mozilla Firefox and Apple Safari have both begun updating their respective browsers to protect against the Spectre vulnerability that exploits personal devices through commonly used web browsers.
- A January 23 update to Google Chrome should include Spectre mitigations. In the meantime, Google says Site Isolation – an experimental feature – could help right away. To turn on Site Isolation, paste chrome://flags/#enable-site-per-process into your Chrome browser and enable Strict Site Isolation. Finish by relaunching Chrome.
- Microsoft Edge and Explorer have also started working on Spectre mitigation which are included in their automatic Security Update for Windows (KB4056892).
Just to be safe, install an ad-blocking service.
- uBlock Origin can be installed to prevent websites from showing ads that may contain malicious code.
It’s not time to completely panic, however. Due to the complex nature of these new side-channel security attacks, most hackers will likely pass on implementing this kind of assault. Phishing techniques are still the number one hacking attempt being made today.