2018 kicked off with a bang security-wise due to the announcement of the serious Meltdown and Spectre flaws found in processors used by a wide range of computing devices and smartphones.
The story quickly developed from being a design flaw in Intel CPUs, that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory, to being also an issue for ARM and AMD chips.
To Apple’s credit they had already started to tackle the problems before the security issues were made public. MacOS 10.13.2, released last month, mitigated against the effects of Meltdown (which only affects only Intel processors), and iOS 11.2 tackled Spectre for iPad and iPhone users.
It really is important to keep browsers patched – as they are an obvious route through which an attacker could successfully execute code on your computer. That’s one of the reasons why I am also a strong advocate of users never venturing out onto the web without the added protection of an ad blocker.
It’s your computer, it’s your sensitive information, your passwords. Opening yourself up to some of the wildness that can lurk on websites and – in particular – poisoned ads, and allowing them to run code willy-nilly is a very dangerous game to play.
Even if Meltdown and Spectre have not been actively exploited as far as we know in malicious attacks, it still makes sense to protect against the problems as well as we can.
So, iPhone and iPad users can rest a little more easily today (provided they’ve applied the update, of course!).
Which leaves me wondering about those hundreds of millions of Android users, many of whom have been neglected for years without seeing hide nor hair of a security update.
My guess is that the latest and most expensive Android devices from leading vendors will receive an update in due course, but many others will be left in the lurch.
For more discussion on this topic, be sure to listen to this episode of the Smashing Security podcast: