Massive security vulnerabilities in modern CPUs are forcing a redesign of the kernel software at the heart of all major operating systems. Since the issues—dubbed Meltdown and Spectre—exist in the CPU hardware itself, Windows, Linux, Android, macOS, iOS, Chromebooks, and other operating systems all need to protect against the first exploits that have begun circulating.
Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU, or central processing unit. In both cases, attackers could see data that the processor temporarily makes available outside of the chip.
Here’s why that happens: To make computer processes run faster, a chip will essentially guess what information the computer needs to perform its next function. That’s called speculative execution. As the chip guesses, that sensitive information is momentarily easier to access.
One flaw, Spectre, would let attackers trick the processor into starting the speculative execution process. Then attackers could read the secret data the chip makes available as it tries to guess what function the computer will carry out next.
The other flaw, Meltdown, lets attackers access the secret information through a computer’s operating system.
Google says “effectively every” Intel processor released since 1995 is vulnerable to Meltdown, regardless of the OS you’re running or whether you have a desktop or laptop.
As chipmakers and computer companies roll out software updates, be sure to install them. As new vulnerabilites are discovered and exploited, it is vital to maintain your business hardware and software. That means you should keep your operating software, applications, and browsers updated as often as possible. Along with these efforts, look out for phishing emails. Emails that trick you into clicking on a link and downloading malicious software are still the No. 1 way for hackers to get a foothold on your computer.