Qualcomm is working on patches to address Meltdown and Spectre flaws

exploit
A so-called bug initially ascribed solely to Intel CPUs is actually a pair of exploits that, taken together, impact many of the CPUs being used in PCs, mobile devices, and data centers. The bugs now have names — Meltdown, which affects Intel processors, and, which is more widespread and affects CPUs from Intel, AMD, and ARM.

As Windows Central now reports, Intel has issued a statement indicating that the issue is not specifically a bug in Intel CPUs but rather an exploit that can be applied to all systems, including those with ARM and AMD processors.

“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel said in a statement. “Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

The issue is related to how programs access memory, specifically information that should only be accessible to the operating system kernel that maintains the highest level of privileges. The exploits are ones where malicious programs can access the protected kernel memory space and “see” information that should be locked away.

The full details, which are not yet available, are quite technical and relate to how a CPU moves in and out of protected kernel mode. The Google blog outlines the issue, which was discovered by its Google Project Zero team in 2017. The result is what matters: Keeping the kernel in virtual memory makes the process as fast as possible. If the CPU doesn’t have to dump and then reload the kernel, then it can achieve faster performance. Unfortunately, it also makes kernel contents vulnerable to being accessed by nefarious programs.

The fix for Meltdown, as The Guardian outlines, has to be implemented by the operating system in a process labeled Kernel Page Table Isolation (KPTI), which puts the kernel in an area of protected memory space that cannot be accessed by other programs. That creates extra processing steps — dumping and then reloading kernel data — that can slow things down, although, according to Intel, the impact is limited to specific workflows and typical users will not notice much impact. Machines using Intel’s Skylake or later CPUs will see less of an impact than older systems. Spectre will take longer to resolve but is also much more difficult to exploit.

All operating systems will need to implement some form of KPTI in order to bypass the bug and improve security. Microsoft has already issued an emergency patch, which it apparently had been testing in earlier Windows Insider builds, to address the issue. Google has also provided a fix in the latest Android security updates, which so far have primarily rolled out to Google’s Nexus and Pixel smartphones. More generally, ARM has provided patches to companies using its processors. Linux and MacOS will also need to be updated, meaning this is an equal-opportunity bug, although AMD has stated that there is “near zero risk to AMD products at this time.”

The fixes for the problem may degrade performance, but so far, it appears that problem isn’t cause for serious concern. TechRadar tested Windows after the patch, and found a difference of no more than 10 percent — in a few limited scenarios. In most cases, the difference was only 1 or 2 percent.

What can you do to protect your device?

Multiple companies are scrambling to fix the problem. Your best bet, as usual, is to keep your PC updated with any new drivers that become available.

Qualcomm has announced that its processors are also vulnerable to Meltdown and Spectre attacks. It told the Register that it was working on “incorporating and deploying mitigations” against the attacks. It advised users to update their device as soon as the updates became available.

Intel, in its statement, said that by the end of next week, “it expects to have issued updates for more than 90 percent of processor products introduced within the past five years.” These updates are not direct-to-consumer, however, but instead go out to OS vendors and hardware manufacturers. You’ll have to check with your PC’s manufacturer to see if any firmware updates have been issued.

Microsoft’s fix was released late on January 3. You can likely see it if you check Windows Update. If it’s missing, check our Windows 10 Update guide for advice on how to make the utility behave. Firmware updates have been issued for most Surface devices, too, though the original Surface Pro, Surface Pro 2, and Surface 3 haven’t seen a fix yet.

Apple has released a statement, saying “All Mac systems and iOS devices are affected, but there are no known exploits […]” The company has released “mitigation” for Meltdown in MacOS 10.13.2, iOS 11.2, and tvOS 11.2. The Spectre exploit, meanwhile, will be tackled in upcoming updates.

Firefox 57 and Chrome 64 will include updates that fix the flaw. Browsers are a popular attack vector for malware, so it’s important to update. Firefox’s patch is already available, and Chrome’s should come later this week.

Google Chromebooks should be protected, as fixes to the problem began to arrive in Chrome OS 63.

While the PC is the great concern due to the combined assault of the Meltdown and Spectre attacks, the Spectre flaw might also impact some AMD-based computers and some Android smartphones. It’s unclear to what extent the flaw works on these devices — but, as a general rule, you should keep your device’s operating system and software updated.

This is not a flaw you can counter by installing an antivirus or turning a feature off, which is what makes it so serious. Updating your device, whatever it is, is the only way to protect yourself — so make sure to check for the latest software and firmware.

Updated on January 6: Added information about Qualcomm’s vulnerabilities and work on security patches. 

Gaming

Fortnite’s adorable pets are no longer hands-off, thanks to latest update

The latest update for Fortnite rights a heinous wrong. Pets were introduced in Season 6, but players were unable to pet them. Update v8.40 fixes that so players can now pet whatever adopted creature other players have on their back.
Gaming

The best of the last generation: Our 50 favorite Xbox 360 games

The Xbox 360 thrived during a generation where games were plentiful. Here's our list of the best Xbox 360 games of all time, including all game genres and even a few special indie hits.
Gaming

How do Nintendo Switch, Xbox One X compare to each other? We find out

The Nintendo Switch is innovative enough to stand apart from traditional consoles, but could it become your primary gaming system? How does the Switch stack up against the Xbox One?
Mobile

Apple's iOS 13 will reportedly offer a systemwide Dark Mode and windowed apps

iOS 12 was a relatively large update to Apple's iPhone, but iOS 13 could be even bigger. Rumors have begun circulating about what we should expect from iOS 13, which suggest a much more productive operating system for both iPhone and iPad.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

Here's how you can download the best free music players for your Mac

Tired of your Mac's default music player? Take a look at our picks for the best free music players available for your Apple rig. Whether you're a casual listener or an audiophile, you're sure to find something that fits your needs here.
Computing

AMD’s 2020 Ryzen CPUs could have a big boost in power efficiency

The sequel to AMD's Zen 2-based Ryzen 3000 CPUs is slated for a 2020 release and when it arrives, could leverage the new Zen 3 architecture to deliver impressive gains to performance and power efficiency.
Computing

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.
Gaming

Transform into the ultimate leader with our tips and tricks for Civilization 6

Civilization VI offers both series veterans and total newcomers a lot to chew on from the get-go. Here are some essential starting tips to help you master the game's many intricacies.
Computing

The iPhone’s Screen Time and Siri Shortcuts could land on Macs this year

For its desktop computers, it appears that Apple may continue to draw from the iPhone for inspiration. iOS 12 features, like Screen Time and Siri Shortcuts, are believed to be making their way to MacOS this year at WWDC in June.
Computing

Dell slashes prices of XPS 13 and Alienware 17 laptops in latest promo

Dell's latest promotion will score you big savings on the XPS 13 or the Alienware 17. The stylish XPS 13's discount is for $430, and only the rose gold model is on sale, while gamers who choose the Alienware 17 will save $860.
Computing

Lenovo’s Yoga C930 sale drops a $650 discount on its 2TB SSD laptop

Lenovo is offering one of its 2-in-1 laptops at a $650 discount. This Lenovo Yoga C930 laptop comes with a 2TB solid-state drive, a digital pen, a fingerprint reader, and a Dolby Atmos sound bar.
Computing

You won't want to miss these deals on some of the best laptops around

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we have you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Deals

The best Amazon Prime Day 2019 deals: Everything you need to know

Amazon Prime Day 2019 is still a few months off, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.