Google Chromebooks self update. The difficulty is that Variant 1 affects individual software binaries, so it must be handled by discovering and addressing exploits within each binary.
And that is what distinguishes them from previous security alerts that have tended to involve software rather than hardware.
Potentially everything that's got a central processing unit or CPU, which means PCs, Macs, laptops, smart phones and tablets. If you own a system from a different company, you'll need to check for firmware updates using a separate utility, like Lenovo Solution Center or Dell Update. But when it comes to updating your hardware, you may find yourself in Update Hell.
The industry has issued emergency operating system security updates against Meltdown, which should be installed to protect computers and devices when they become available. The upgrades come via auto updates. The UK's National Cyber Security Centre said there was no evidence that the vulnerability had been exploited.
"Any patch they do is a kluge", he said.
The vulnerabilities also affect the cloud systems of Amazon, Google and Apple. "Vulnerable systems will likely remain in operation for decades".
Intel, which makes most of the chips used in PCs, is the most heavily affected.
Researchers from Google's Project Zero team have revealed serious issues in a vast array of chips across multiple manufacturers.
Amazon Web Services (AWS) also said it was made aware of the research around the bug past year, referring to it as a "side-channel analysis of speculative execution on modern computer processors [namely] CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754".
Michael Schwartz, an IT expert quoted in German daily Tagesspiegel Friday, said that a hacker must find out which programmes are now running before triggering an assault, "which is why it's not that easy to launch mass attacks".
This isn't to say you should immediately turn your computers and phones off and not use them for a few years. Intel also says it is working with partners and others to fix these issues. They have been given the James Bond-esque names Meltdown and Spectre. Overall, the security of the average Internet-of-Things device is so bad that this attack is in the noise compared to the previously known risks.
It's something no one had realized was an issue for 20-some years.
In the computer, it could be that you go to the banking section of your password management program. Some customers may worry that they have not been protected since they were not asked to reboot their instance.
Meltdown allows full access to the protected memory space, so it's potentially more risky. The update will appear there when it is available.
Spectre allows malicious code to trick access random portions of the protected memory. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.
How much could the hackers see?These exploits are not a denial of service attack or a network attack. Although for very large data sets, that may be negatively impactful.
How did this exist for so long?Computer chips made by AMD, Qualcomm and ARM are also vulnerable to the security flaw. These aren't normal software vulnerabilities, where a patch fixes the problem and everyone can move on. Everything was supposed to be announced on January 9th.
Information about these flaws has been secretly circulating amongst the major IT companies for months as they researched the ramifications and coordinated updates. Rather, I'll focus on the higher-level issues affecting business and personal computer users.
However, Apple has not published any information on the security fixes for its computers and smartphones to date.