Speed Reads

Spectre of Meltdown

Your Mac, PC, and smartphone are almost certainly compromised by two big security flaws

On Thursday, Apple said that Mac computers, iPhones, and iPads (but not Apple Watches) are vulnerable to two hard-to-fix security flaws that cybersecurity experts revealed Wednesday. Windows, Google, and other companies that make PCs, smartphones, servers, and tablets had already acknowledged that their own devices have the same issue. The flaws — given the villainous names Spectre and Meltdown — could be used by hackers to exploit the microprocessors, mostly made by Intel, in internet-connected devices to launch a "side-channel analysis attack" to steal files, passwords, photos, and other documents.

Intel, the dominant chipmaker, says the vulnerability has been in every microprocessor it has made since 1995, but apparently nobody realized the risk until a few months ago, when security researchers at Google, Cyberus Technology, Rambus, Data61, and universities in Austria, Australia, Pennsylvania, and Maryland independently hit upon the flaws. No hackers are known to have exploited the vulnerabilities. Both of them, but especially Spectre, are difficult to fix entirely because they're baked into the hardware, but all major tech companies have been rolling out software patches to mitigate the risk.

Shared servers that host cloud services are deemed the most at risk of infection, but security experts say consumers should update their Windows, Google, Apple, and other internet-connected devices to take advantage of the software patches and firmware updates being rushed out. "These will likely be modified as companies craft the best work-arounds, so it's not likely to be a one-time deal — update early and often!" USA Today advises. You can learn more about Spectre and Meltdown and read more about how to update specific devices at USA Today and The New York Times.