Security researchers have detected and reported on critical technology vulnerabilities referred to as to “Meltdown,” Spectre,” and “IOHIDeous” flaws in recent weeks.
Meltdown and Spectre involve Mac and PC computing devices, like laptops, desktops, and mobile devices that have chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed via a memory leak.
The IOHIDeous flaw involves a defect in Mac operating systems that could allow an attacker to bypass administrator authentication without supplying the administrator’s password.
While these vulnerabilities affect a large number of devices, experts concede that exploiting these flaws would require a very high level of technical expertise and very specific circumstances. As of this moment, there is no evidence of active exploitations. Therefore, the risks are considered limited.
Nonetheless, technology manufactures and vendors have stated that they are working closely with each other and the public to develop, verify, and distribute an industry-wide approach to resolve these issues promptly and constructively.
As of January 5, 2018, some operating system and firmware patches have been released to address each of these vulnerabilities. Additional updates may be expected in the coming weeks.
Systems at Risk
o Apple – (https://support.apple.com/en-us/HT208331) Patches have been released for these flaws. To check your device, check for available updates in the App Store and download the latest version.
o Microsoft – (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892) To make sure your PC is protected, go to Settings > Update & security to check and see if the security fix is waiting in your update queue. If not, click on Update history or View installed update history to see if it was already installed.
o Android – (https://support.google.com/faqs/answer/7622138) According to Google, a new security update dated Jan. 5 will include "mitigations" to help protect your phone, and future updates will include more such fixes. If you've got a Google-branded phone, such as a Nexus 5X or Nexus 6P, your phone should automatically download the update, and you'll simply need to install it.
o Browsers - Mozilla, Microsoft and Apple each said they'll update their web browsers to reduce the threat of the new attack methods. Please be diligent in checking for updates.
The best way to protect yourself, your data, and your computer is to follow safe and secure practices at all times.
• Do not click links in emails or download attachments from unknown or suspicious senders
• Be mindful of links to internet videos, images, or games
• Refrain from saving website passwords in your browser
• Keep your anti-virus software updated and running
• Ensure you have installed all security patches and updates for your device
More information on these vulnerabilities: