The New Jersey State Bar Association issued a reminder today to its members about the gaps in IT security stemming from central processing units named Meltdown and Spectre.
Meltdown affects laptops, desktop computers and internet servers with Intel chips, while Spectre potentially has a wider reach and affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD. The bugs allow hackers to potentially read information stored on a computer memory and steal information like passwords or credit card data.
Device makers and operating system providers have had time to try to fix this, and Microsoft, Apple and Linux, the three major operating system makers, are all issuing patches. At this time it is advisable to make certain all software that you use is updated to the current version provided by the manufacturer.
According to the BBC, here are the actions taken by three major software providers:
Apple:
Apple has said that all Macs, iPhones and iPads are affected by Meltdown, but Macs running the latest version of macOS, numbered 10.13.2, are safe. The same is true for the latest iOS version 11.2, which is used on iPhones and iPads. Finally, Apple said it will release updates to mitigate against Spectre "in the coming days."
Microsoft:
Microsoft released an emergency Meltdown patch for Windows 10 via Windows Update. This will subsequently also be applied to Windows 7 and 8 machines.
Google:
Google said Android phones with the most recent security updates are protected, and users of web services like Gmail are also safe. Chromebook users on older versions will need to install an update when it comes. Chrome web browser users are expected to receive a patch later this month.
Meltdown, Spectre and Phishing:
Some hackers are using the Meltdown and Spectre exploits to try to trick you into downloading malware that claims to be a patch for the "Meltdown" and "Spectre" hardware issue. It is advisable to not act on any emails or popups that tell you to urgently update your computer. However, updates provided directly through Microsoft, Apple, Google, or other trusted sources, can be made.
Please note that patches should only come from official sources like the manufacturer of your PC or the developers of your operating system and that the NJSBA will never ask you to wire funds.