Qualcomm is working on patches to address Meltdown and Spectre flaws

exploit
A so-called bug initially ascribed solely to Intel CPUs is actually a pair of exploits that, taken together, impact many of the CPUs being used in PCs, mobile devices, and data centers. The bugs now have names — Meltdown, which affects Intel processors, and, which is more widespread and affects CPUs from Intel, AMD, and ARM.

As Windows Central now reports, Intel has issued a statement indicating that the issue is not specifically a bug in Intel CPUs but rather an exploit that can be applied to all systems, including those with ARM and AMD processors.

“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel said in a statement. “Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”

The issue is related to how programs access memory, specifically information that should only be accessible to the operating system kernel that maintains the highest level of privileges. The exploits are ones where malicious programs can access the protected kernel memory space and “see” information that should be locked away.

The full details, which are not yet available, are quite technical and relate to how a CPU moves in and out of protected kernel mode. The Google blog outlines the issue, which was discovered by its Google Project Zero team in 2017. The result is what matters: Keeping the kernel in virtual memory makes the process as fast as possible. If the CPU doesn’t have to dump and then reload the kernel, then it can achieve faster performance. Unfortunately, it also makes kernel contents vulnerable to being accessed by nefarious programs.

The fix for Meltdown, as The Guardian outlines, has to be implemented by the operating system in a process labeled Kernel Page Table Isolation (KPTI), which puts the kernel in an area of protected memory space that cannot be accessed by other programs. That creates extra processing steps — dumping and then reloading kernel data — that can slow things down, although, according to Intel, the impact is limited to specific workflows and typical users will not notice much impact. Machines using Intel’s Skylake or later CPUs will see less of an impact than older systems. Spectre will take longer to resolve but is also much more difficult to exploit.

All operating systems will need to implement some form of KPTI in order to bypass the bug and improve security. Microsoft has already issued an emergency patch, which it apparently had been testing in earlier Windows Insider builds, to address the issue. Google has also provided a fix in the latest Android security updates, which so far have primarily rolled out to Google’s Nexus and Pixel smartphones. More generally, ARM has provided patches to companies using its processors. Linux and MacOS will also need to be updated, meaning this is an equal-opportunity bug, although AMD has stated that there is “near zero risk to AMD products at this time.”

The fixes for the problem may degrade performance, but so far, it appears that problem isn’t cause for serious concern. TechRadar tested Windows after the patch, and found a difference of no more than 10 percent — in a few limited scenarios. In most cases, the difference was only 1 or 2 percent.

What can you do to protect your device?

Multiple companies are scrambling to fix the problem. Your best bet, as usual, is to keep your PC updated with any new drivers that become available.

Qualcomm has announced that its processors are also vulnerable to Meltdown and Spectre attacks. It told the Register that it was working on “incorporating and deploying mitigations” against the attacks. It advised users to update their device as soon as the updates became available.

Intel, in its statement, said that by the end of next week, “it expects to have issued updates for more than 90 percent of processor products introduced within the past five years.” These updates are not direct-to-consumer, however, but instead go out to OS vendors and hardware manufacturers. You’ll have to check with your PC’s manufacturer to see if any firmware updates have been issued.

Microsoft’s fix was released late on January 3. You can likely see it if you check Windows Update. If it’s missing, check our Windows 10 Update guide for advice on how to make the utility behave. Firmware updates have been issued for most Surface devices, too, though the original Surface Pro, Surface Pro 2, and Surface 3 haven’t seen a fix yet.

Apple has released a statement, saying “All Mac systems and iOS devices are affected, but there are no known exploits […]” The company has released “mitigation” for Meltdown in MacOS 10.13.2, iOS 11.2, and tvOS 11.2. The Spectre exploit, meanwhile, will be tackled in upcoming updates.

Firefox 57 and Chrome 64 will include updates that fix the flaw. Browsers are a popular attack vector for malware, so it’s important to update. Firefox’s patch is already available, and Chrome’s should come later this week.

Google Chromebooks should be protected, as fixes to the problem began to arrive in Chrome OS 63.

While the PC is the great concern due to the combined assault of the Meltdown and Spectre attacks, the Spectre flaw might also impact some AMD-based computers and some Android smartphones. It’s unclear to what extent the flaw works on these devices — but, as a general rule, you should keep your device’s operating system and software updated.

This is not a flaw you can counter by installing an antivirus or turning a feature off, which is what makes it so serious. Updating your device, whatever it is, is the only way to protect yourself — so make sure to check for the latest software and firmware.

Updated on January 6: Added information about Qualcomm’s vulnerabilities and work on security patches. 

Mobile

Leave the laptop at home, the iPad Pro is the travel buddy to take on vacay

The iPad Pro is a powerful tablet that's perfect for creatives and professionals. How does it fare when traveling with it as a laptop replacement? We took it on a two week trek in Japan to find out.
Computing

Latest Facebook bug exposed up to 6.8 million users’ private photos

An API bug recently left an impact on Facebook users. Though the issue has since been fixed, some of the apps on the platform had a wrongful access to consumers photos for 12 days between September 13 and September 25. 
Mobile

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Gaming

Xbox One S vs. PlayStation 4 Slim: Which console is worth your money?

Microsoft's new Xbox One S and Sony's PlayStation 4 "Slim" have bucked the generational gaming console trend. But which of these stopgap systems is worth spending your paycheck on?
Computing

5 reasons your Macbook keeps restarting and how to fix the issue

It can be frustrating when your Apple MacBook keeps restarting, but this serious problem can be fixed! We'll go over the common causes for this issue, what you can do to fix them, and why it's okay to take your Mac to a pro!
Computing

Does Qualcomm's latest laptop processor hold up against Intel's Core i5?

Qualcomm has been nipping at Intel's mobile CPU heels for years and now it might finally have overtaken it. To find out whether it's new SoC can hold its own in mid-range computing, we pitted the Snapdragon 8cx vs. Core i5.
Photography

Not just for Lightroom anymore, Loupedeck+ now works with Photoshop

Loupedeck+ can now help photographers edit in Photoshop too, thanks to physical controls for swapping tools, running actions, and more. The photo-editing console expanded to include Photoshop in the list of compatible editing programs.
Computing

Turn your Raspberry Pi into a Steam streaming hub with Valve’s Steam Link app

Valve's Steam Link app is now fully supported by Raspberry PI hardware, meaning that just about anyone with a few dollars to spare can build their own Steam streaming box in a matter of minutes.
Computing

Amazon takes $300 off Intel Core i7 Surface Pro 6 in latest sale

If you're looking for savings on the Surface Pro 6, Amazon is the place to shop. It currently is discounting the Intel Core i7 variant of Microsoft's latest 2-in-1 by $300, though no Type Cover is included.
Music

Here's our head-to-head comparison of Pandora and Spotify

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.
Computing

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.
Computing

Don't keep typing the same thing -- learn to copy and paste with these shortcuts!

Looking for useful Windows keyboard shortcuts? The most common are the cut, copy, paste and undo shortcuts compatible with all kinds of tasks. They can save you an awful lot of time if you learn how to use them.
Computing

You can now get a Surface Laptop 2 for $800 at the Microsoft Store

Along with deals on other variants, starting configurations of Microsoft's Surface Laptop 2 are now going for $800 online at its retail store, cutting $200 from its usual $1,000 starting price. 
Computing

Need a monitor for professional photo-editing? These are the very best

Looking for the best monitor for photo editing? You'll need to factor in brightness, color accuracy, color gamut support and more. Fortunately, we've rounded up the best ones for you, to help you make an educated purchase.