Authored by a Symantec employee
Spectre Next Generation — reportedly a new set of vulnerabilities in modern computer processors — could put your data at risk.
Heise, a German online computer publication, reported on the security issue in March 2018. It said eight new vulnerabilities had been identified.
The security flaws seem to pose the most risk to companies that provide cloud hosting or cloud services, according to the Heise report. Hackers may be able to gain access to data transfers and data.
What does this mean for you?
“The concrete danger for private individuals and corporate PCs is rather small, because there are usually other weak points which are easier to exploit,” the Heise report said. “Nevertheless, they should be taken seriously.”
Background on Spectre Next Generation
Spectre Next Generation, or Spectre NG, takes its name from a previously discovered vulnerability, Spectre, which was first reported in 2017.
Spectre and Meltdown — another vulnerability discovered in processors in 2017 —have reportedly affected billions of devices.
Processor manufacturers typically release patches and updates for security flaws.
Patches for Spectre Next Generation are in the works, according to published reports. Two batches will be released: one as early as May 2018, the other in August 2018.
How do vulnerabilities like Spectre NG work?
The Meltdown and Spectre processor vulnerabilities affect personal computers and mobile devices, as well as data processing in the cloud.
The hardware vulnerabilities can potentially allow programs to steal data that is being processed on the computer’s chip.
Programs typically are not permitted to read data from other programs. But a malicious program can exploit Meltdown and Spectre to access data stored in the memory of other running programs.
Here are the types of information hackers might be able to access:
- Passwords stored in a password manager or browser
- Personal photos
- Instant messages
- Documents containing personal information
How to help protect against these vulnerabilities
Upcoming Spectre NG updates should be installed quickly after their release.
Norton can help users protect against some instances of threats like these. If you run into any issues installing patches, you should first make sure your Norton product definitions are up to date, then apply operating system patches immediately afterward.
Work continues by all parties to harden the software against any potential exploits.
How to help protect cloud data
Spectre, Meltdown, and Spectre Next Generation security flaws also affect the cloud. Cloud data is stored on physical servers that may use vulnerable processors. That’s why some of these systems could become vulnerable to hacks.
It’s a good idea to check with the cloud storage provider to see if their systems are affected by a particular vulnerability. If so, ask your provider what to do to help protect important data.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone