By: Drew M. Smith
Security is important in this day and age. Every computer system should have security measures in place to prevent hacking and should be updated regularly. However what came out of Apple in the last two weeks should scare many people. They discovered vulnerabilities that under certain situations can allow a hacker to get in without much input.
The vulnerabilities, dubbed Spectre and Meltdown, sound like something out of a spy movie. These vulnerabilities affect pretty much every system that runs the Apple Internal Operating Systems (IOS). This vulnerability was discovered in June, but wasn’t revealed until the beginning of January because the researchers had taken that long to figure out a reliable patch for it. This is because they target a computer chips memory processor as opposed to its operating system or software.
Under normal circumstances, when you click onto something, the computer makes sure the clip your viewing is on its fastest memory or cache. This kernel constantly shifts between memories as you constantly browse the internet. This is where both vulnerabilities are able to affect your computer. Once infected, Meltdown tricks the processes to do extra work, allowing it to steal data discreetly. Spectre meanwhile merely observes the memory process in a way never thought possible.1
The reason why it took so long for these vulnerabilities to be revealed was because researchers took that long to come up with workable patches. There were two issues at heart that led to the extended delay on the patches. One is that, especially with the Meltdown vulnerability, they needed to create a patch which crossed multiple systems, such as iPhones, Macs, and even iPads; the Apple watches have shown not to have this issue. This issue was resolved with a patch that is being rolled out this week. The other issue unfortunately is a much bigger problem.
The Spectre vulnerability targets the memory processing, which is not a software issue but an issue of the computer chip, especially with Intel chips. Being a vital component of any computer system, it’s extremely difficult, if not impossible, to fix this issue completely without affecting a computer’s performance. To quote one researcher, “the ‘practicality’ of producing fixes for existing processors was ‘unknown." The issue is so prevalent across modern computers that the best fix in researcher’s minds is to produce brand new computers.
While the vulnerabilities seem dangerous, like many hacks, it only works if you let them in. Don’t open suspicious emails or links. Keep an eye on your accounts and never save passwords to various sites. Always update your computer to the latest patches to keep any new vulnerabilities from affecting you. Any losses resulting from this can be covered under a General Liability or Cyber Policy.