Significant security flaws have been recently discovered which affect almost every computer manufactured in the past 10 years. This article provides information about the security flaws and ways you might protect your devices from exploitation.
What Are Meltdown/Spectre?
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Information Technology Services performs vulnerability scans daily on our network to ensure that we quickly identify risks as they become known. We are working to apply vendor patches to systems & devices as soon as they are available. ITS encourages users to check their personal devices for security updates, as they are often brought to campus & connected to our network. This will help us mitigate the risk from devices we do not control.
As a helpful reminder, rebooting all of your devices (both TTU & personal) daily flushes out the memory that was used during its previous use cycle. Rebooting when leaving for the day is an excellent way to mitigate potential risks, as well as a best practice for use.
Meltdown / Spectre official site link: https://meltdownattack.com/
You can find some frequently asked questions (FAQs) listed on the exploit's website: https://meltdownattack.com/#faq
They also show a few examples of the exploits working.