The vulnerability of most modern processors gives you access to all your passwords and personal data

Yesterday, the Western media began to shake the news that almost all Intel processors, released in the last 20 years, exposed to serious vulnerabilities. Using it, hackers can gain access to all the logins and passwords, cached files, and any other personal data of users.

Which processors are at risk

Intel representatives have officially confirmed the existence of a threatIntel Responds to Security Research FindingsNoting also that the vulnerability affects other manufacturers. With this view agree and researchers from Google Project Zero. The ARM have reported that processors Cortex-A, used in smart phones, can be exposed to the threat, but the exact risk assessment requires more time. The AMD also recognized the danger of the situation, but at the same time declared "almost zero risk" for its processors.

What are the possible attack

Conventionally vulnerability allows two types of attacks, which are namedMeltdown and Spectre: Bugs in modern computers leak passwords and sensitive data Meltdown and Spectre.

Meltdown for the most part only applies to Intel chips and breaks the isolation between applications and the operating system kernel, due to which you can access all of the stored operating data.

Spectre also allows through local applications to access the content of other programs of virtual memory.

How to eliminate the vulnerability on your PC

Coping with the Meltdown is quite possible to programmatically, that is due to the so-called patches, which imposed a ban on the use of applications, the internal memory of the system. However, after this update general computer work can be delayed by 5-30%.

Microsoft has released the corresponding Windows Update 10And 9 January is expected to yield similar patches for other versions of Windows. Required update for Linux also come from the beginning of December. In MacOS 10.13.2, published last month, part of the Meltdown vulnerability has already been closed, but all the problem will probably be solved only with the next update.

On an issue and is actively working the Google, acknowledges that the attack is exposed and Chrome. Prior to release browser update, users are manually enable the function of isolating the sites from each other.

That with smartphones

As far as mobile devices, the risk of attack too, but on most gadgets vulnerability difficult reproducible. Yet fresh security patches from Google has already released for Nexus 5X, Nexus 6P, Pixel C, Pixel / XL and Pixel 2 / XL.

Manufacture of other smartphones, too, received the necessary patch. But the speed with which it will be sent to the gadgets - is unknown.

When the vulnerability is fully eliminated

If the situation with Meltdown with software updates will come to naught, then with Spectre everything is much more complicated. Ready-made software solutions for the moment no. According to preliminary data, in order to fully insure against this type of attack, you may need to change the architecture of the processor itself. In other words, the patch will not help here. The problem will be solved only in the next generation of chips.

What users

The only true solution to the problem for PC users and smartphone - operational installation of all available updates for the operating system and software. Do not delay download any available updates and do not forget to reboot your device after the update.

see also

Guide for the paranoid: how to avoid surveillance and data theft →

How to become a guru cybersecurity →

How to view saved passwords across browsers →