By now, most people have heard about and , the nicknames for security flaws that make computers and other devices dating back to 1995 vulnerable to attacks.
But they may not know what do about it.
Google’s Project Zero team and since then, , and in that their software needs to be updated with available patches.
“Patch as soon as you can and not just your computer. These vulnerabilities can affect phones and devices like routers at home,” advised Ryan Sommers, manager of threat research for cybersecurity firm LogRhythm in Boulder. “…You wouldn’t necessarily know that you’ve been attacked just because your computer slows down, but after your bank account is drained.”
The bugs take advantage of processors from Intel Corp., AMD and ARM that handle millions of instructions per second. The flaw relies on a very small moment of time when a chip predicts what task must be done but then realizes it wasn’t needed, so it reverts back. But in that brief moment — called — malicious software can gain access to passwords, encryption keys and other data stored in the device’s memory.
Intel said it . And there are no reports yet of exploited security holes. Hardware and software makers are still scrambling to offer updates. And some antivirus software is preventing updates from installing, causing Microsoft to tell users to check with those companies first.
Broomfield-based Webroot said its SecureAnywhere antivirus software is compatible. The Microsoft fix is available at the . The company also will issue an update next week that automatically adjusts the compatibility setting.
The good news for consumers is that this impacts billions of devices so the industry is working on fixes for businesses and consumers.
“If there’s a takeaway to be had, particularly for local businesses, itap that everyone is on relatively equal footing with respect to these flaws. This is not a doomsday event,” said Keith McCammon, chief security officer and co-founder of Red Canary in Denver. “The information security community in Colorado is sizable and capable, and it shouldn’t be hard to find help or information if either if either is needed.”
Security professionals also advise updating all computer devices, including routers and smart watches. And after an update is installed, check back with the software and hardware makers for new releases. Here is what is available:
Windows: Updates are available now for Windows 7 SP1, 8.1 or 10. Use Windows Update to download the latest. Microsoft Surface users should get an update automatically.
Macs, iPhones, Apple TV: Apple for iOS, macOS and tvOS mitigate Meltdown but for Spectre, expect an update “in the coming days” for Safari on macOS and iOS. Apple Watch OS isn’t affected.
Android: Google’s own Pixel phones get updates automatically but owners may need to restart the phone. For other Android devices, go to “Settings,” then “System” and check “System Update.”
Google Chrome: The update for . Chromebooks need Chrome OS version 63, out since December. Older Chromebooks may not qualify for an update, but owners can check at
