Blog Image

Fixing Spectre Through OS Updates

In January 2018, CPU level vulnerability – namely Spectre – impacts the IT world, leaving almost 100% of computer processors around the globe vulnerable to sensitive data attacks, such as passwords, photos, emails, addresses, confidential documents, etc.

Spectre vulnerability can be hard to fix as it requires time and proper workaround.

Fortunately, some patches have officially taken off. Yet, the bad news is that since such huge numbers of companies are included – from chip providers and PC makers to working system companies – figuring out if your PC is completely secured isn’t clear. At present, there are a couple of isolated strategies to take after to sustain your device, depending on which operating system you have.

For Windows Users

Cumulative security update was already released by Microsoft. It offers software-level protection against speculative execution, which should take off automatically to systems running Windows 10. To check if your computer is up to date, go to start menu, click settings, and click on Windows Update.

However, Microsoft noted that the mitigations may have some performance impact to your computer. The specific impacts will vary on what hardware generation your chip has. Microsoft clarifies that they value the security of their products and services, causing them to implement certain mitigation techniques in an effort for better security. And they are also working together with hardware vendors to increase performance without sacrificing the high level of security in their products.

For MacOS and iOS Users

To address the Meltdown vulnerability, Apple actually started taking off patches by means of updates to iOS, macOS, and tvOS beginning in December 2017. Apple released another patch on Jan. 8, 2018:

  • The latest version of iOS is 11.3.1;
  • The latest version of macOS is 10.13.4;
  • The latest version of tvOS is 11.3.; and
  • The latest version of watchOS is 4.3.

Luckily, the fixes brought about “no quantifiable reduction in the performance of macOS and iOS,” the company said in an announcement. Nonetheless, Apple is still creating future OS-based shields that will address the Specter vulnerability.

For Chrome OS Users

Google specialists revealed that, for Specter Variant 1 attack, hackers can manhandle the eBPF feature in the Linux kernel, yet Chrome OS disables eBPF, running on ARM-based systems are not affected by Spectre vulnerability.

For Android Users

The Android 2018-01-05 Security Patch Level is the main fix for speculative execution. Google’s Pixel phone will get it automatically, while owners of other Android gadgets are helpless before their device manufacturers and remote carriers, which decide when updates are taken off.

For Linux Users

The most recent version of the Linux kernel, 4.16, has arrived, carrying with it more fixes for the Specter and Meltdown flaws.

A “normal and entirely boring release cycle” is being sought after by Linus Torvalds, maker of Linux, for 4.16 after the excitement of the last Linux discharge, 4.15, being dominated by Spectre and Meltdown patches.

Found it helpful? For more guidance, you can check our IT Security services to help you to dominate and get rid of aforementioned vulnerability. Just relax. Don’t panic. And let our quality driven IT experts handle the problem.