CCEX Security Alert: Intel CPU Meltdown Bug
Security researchers recently discovered vulnerabilities in Intel and some ARM-based processors. These vulnerabilities allow rogue or malicious applications to access sensitive data stored in kernel memory. This data may include passwords, credit card numbers, and other personally identifiable information(PII). The vulnerability is in the hardware of the processor and cannot be fixed. Instead, operating system vendors like Microsoft, Apple, Google, and Linux have been developing a workaround that will disable some of the chip’s features. Unfortunately, this workaround may slow down processors anywhere from 5% to 20%.
Software fixes are in the process of being released and will be available through normal updates. Microsoft has already released patches for Windows 10 and Windows Server 2016. Currently, these patches must be manually applied as there are known incompatibles with some antivirus vendors. We expect these patches to be automatically deployed in the coming days. Apple released a patch today (Jan 8th) for iPhone/iPad in iOS update 11.2.2 and macOS High Sierra 10.13.2.
What should I do right now?
- Update your iPhone/iPad to iOS 11.2.2 (Settings -> General -> Software Update)
- Update your MAC to High Sierra 10.13.2 (App Store -> Updates)
- Windows 10 (Settings -> Update & Security -> Check for updates)
- Verify that your antivirus application is up to date and that your subscription has not expired. (Microsoft will block the patch from being installed if your antivirus is out of date.)
There are currently no known cases of this vulnerability being exploited in the wild, but expect there will be soon.
CCEX will keep you updated as more information becomes available.
By: Jeffrey Pena