Serious security flaws discovered in CPUs. ALL Intel x86 and some AMD processors affected. These flaws allow hackers to break into computers and observe activities in realtime to get passwords, to break encryption and steal sensitive data.
The first CPU security flaw is Meltdown:
Meltdown affects potentially all out-of-order execution Intel processors since 1995, except Itanium and pre-2013 Atoms. It definitely affects out-of-order x86-64 Intel CPUs since 2011. There are workaround patches to kill off this vulnerability available now for Windows, and for Linux. Apple’s operating systems have also been patched. Installing and enabling the latest updates for your OS should bring in the fixes. If you’re a Windows Insider user, you’re likely already patched. Windows Server admins must enable the kernel-user space splitting feature once it is installed; it’s not on by default.
The second processor security flaw is Spectre:
Spectre allows, among other things, user-mode applications to extract information from other processes running on the same system. Alternatively, it can be used to extract information from its own process. Imagine malicious JavaScript in a webpage churning away using Spectre bugs to extract login cookies for other sites from the browser’s memory.
You must install OS patches, other software patches, and firmware/BIOS patches as they are released to protect your computer systems from Spectre and Meltdown exploits. Some software vendors have already released patches.
Using #Meltdown to steal passwords in real time #intelbug #kaiser #kpti /cc @mlqxyz @lavados @StefanMangard @yuvalyarom https://t.co/gX4CxfL1Ax pic.twitter.com/JbEvQSQraP
— Michael Schwarz (@misc0110) January 4, 2018
You can help prevent Chrome and Opera browsers being used to compromise your computer through the Spectre vulnerability by enabling Strict Site Per Process mode.
Opera
opera://flags/#enable-site-per-process
Chrome
chrome://flags/#enable-site-per-process
Firefox has released an update to mitigate the flaw.
More details at The Register: https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/