Explained: What are ‘Meltdown’ and ‘Spectre’ and how do they affect you?

4 min read

You may have seen the names Meltdown and Spectre being thrown around in recent news articles. You may now be vaguely aware that basically every device manufactured is now vulnerable to these Meltdown and Spectre exploits. If you weren’t, pay attention. This is some freaky stuff coming up.

What is Meltdown?

meltdownMeltdown is a design flaw in most modern processors. It allows user applications to access protected memory that should only be available to the operating system. The processor was designed with a protected kernel memory that is supposed to only allow the operating system to access certain information along with the user application that owns the information.

For an example, a password field. Only your operating system and the application should know what you type into the password field. The operating system needs to know so that you can make changes to the field. The application that owns the password field needs to know the contents in order to verify your password is correct. Other user applications shouldn’t be able to access the data inside of the field. It was believed that if you were to type your password into your Spotify application, Facebook couldn’t access that information. Well, that is no longer the case. Any other application (even scripts being run on webpages) can access that “protected” information.

What is at risk?

Every desktop, laptop, tablet, phone, and even cloud computers that run an Intel processor are at risk. More specifically, any device that uses an Intel process that uses out-of-order execution is at risk. This includes just about every processor produced since 1995. So unless you are using a computer that is over 20 years old, you are probably at risk.

What should I do?

There is no way to tell if the Meltdown exploit has been used against you since it doesn’t leave behind any log files. It is unlikely the any antivirus software will be able to detect or prevent an attack.

Luckily, there are already patches out for the top operating systems that are at risk. Make sure that your devices are up-to-date. I know it is a pain to update your computers, but it is the only way to protect yourself.

When will it be fixed?

There is already patches out against Meltdown for Linux, Windows, and macOS. This isn’t all good news though. The fix causes system slowdowns anywhere from 5 to 30 percent.

What is Spectre?

spectreI have good news, and I have bad news. The bad news is that you already know Spectre is. As far as what Spectre does, it does the exact same thing as Meltdown. It allows attackers to access protected data. Not only that, but it affects more devices and is harder to prevent. The good news? It is harder to exploit as well, so attackers won’t have as easy of a time getting Spectre attacks set up as they will Meltdown attacks.

What is at risk?

Everything that is at risk to Meltdown. And everything else. So you thought you were safe because you are using an AMD processor? Nope, the sneaky ghost known as Spectre can still get you.

The research team that discovered these exploits have confirmed that the Spectre exploit works on Intel, AMD, and ARM processors. Basically, nobody and nothing is safe.

What should I do?

Make sure that you don’t visit any sketchy websites. It used to be that my advice is to be careful on sketchy sites. Well now you shouldn’t even visit them since visiting them allows the site to run a Javascript program that could be designed to take advantage of Spectre.

Also make sure that you don’t install or even download any sketchy files. Until fixes are released, stick to trusted applications and websites.

When will it be fixed?

Hopefully very soon. Work is underway to hopefully prevent Spectre exploits, but the patches will only prevent known exploits. Spectre (as well as Meltdown) are issues with how processors are designed, so as long as the hardware is still in use, they can still be exploited.

The patches will make Spectre harder to exploit, but not impossible.