All recent processors suffer from two major security vulnerabilities. However, there are solutions to protect yourself from possible attacks, mainly by updating your OS.
The latest security flaws revealed by researchers at Google’s Project Zero affect virtually all Intel processors designed since 1995. And AMD or ARM chips can also be affected. These vulnerabilities therefore affect servers, desktops, laptops, smartphones, and tablets. In short, just about anything that has a processor!
Fortunately, operating system vendors are responding by offering fixes to prevent attacks or mitigate risk. Here is an overview of OS and browsers.
Windows
Microsoft has started rolling out fixes for different versions of Windows 10, as well as Windows 7 and Windows 8. These will be automatically installed as part of Windows Update and can also be downloaded from Microsoft’s site. To find the fix, type Windows 2018 in the search box. Click Latest Update to view the most recent updates and find the one that applies to you based on your version of Windows. Be careful, however, the patch can cause some problems with some antivirus. A list of compatible antiviruses is available in this document.
macOS and iOS
While waiting for the official response from Apple, security expert Alex Ionescu noticed that macOS already had a patch since version 10.13.2 released last month.
The question on everyone’s minds: Does MacOS fix the Intel #KPTI Issue? Why yes, yes it does. Say hello to the “Double Map” since 10.13.2 – and with some surprises in 10.13.3 (under Developer NDA so can’t talk / show you). CC @ i0n1c @ s1guza @patrickwardle pic.twitter.com/S1YJ9tMS63
– Alex Ionescu (@aionescu) January 3, 2018
Apple has since responded officially, specifying that all of its devices, except the Apple Watch, were affected. While waiting for an update of Safari and new security patches, the company recommends updating its devices (the current versions indeed reduce the impact of vulnerabilities) and only download applications from the App Store.
Linux
Linux kernel developers have released fixes that isolate the kernel in a completely separate memory address space. This process bears the acronym KPTI (Kernel Page Table Isolation).
Android
Google has just released a security patch for its Pixel and Nexus mobiles. It is therefore sufficient to update the system. On the other hand, it will be necessary to wait for the manufacturers of smartphones and tablets to decide to publish the patch for their devices. We therefore advise you to check regularly if a system update is available.
Firefox
From version 57, an internal function is modified and another deleted, to prevent their use for an attack. Mozilla plans a more elegant solution to correct the problem in a future version of its browser, but warns that its implementation will take time.
Chromium
From version 64, scheduled for January 23, the JavaScript engine is modified to prevent attacks. In the meantime, it is possible to activate an option called “Site Isolation”, which opens each website in a separate process. To activate it, type chrome: // flags / # enable-site-per-process in the address bar, then click on Activate for option Strict site isolation.
You must then restart Chrome.