Emerging Threats

Meltdown and Spectre vulnerabilities affect billions of devices

Authored by a Symantec employee


Spectre Next Generation — reportedly a new set of vulnerabilities in modern computer processors — could put your data at risk.

Heise, a German online computer publication, reported on the security issue in March 2018. It said eight new vulnerabilities had been identified.

A security suite that helps protect your devices.

Free security software just doesn’t have the resources to keep up with new threats as they emerge. That’s why you need a multi-layered defense to security. Meet Norton Security Premium — protection for up to 10 of your devices.

The security flaws seem to pose the most risk to companies that provide cloud hosting or cloud services, according to the Heise report. Hackers may be able to gain access to data transfers and data.

What does this mean for you?

“The concrete danger for private individuals and corporate PCs is rather small, because there are usually other weak points which are easier to exploit,” the Heise report said. “Nevertheless, they should be taken seriously.”

Background on Spectre Next Generation    

Spectre Next Generation, or Spectre NG, takes its name from a previously discovered vulnerability, Spectre, which was first reported in 2017.

Spectre and Meltdown — another vulnerability discovered in processors in 2017 —have reportedly affected billions of devices.

Processor manufacturers typically release patches and updates for security flaws.

Patches for Spectre Next Generation are in the works, according to published reports. Two batches will be released: one as early as May 2018, the other in August 2018.

How do vulnerabilities like Spectre NG work?

The Meltdown and Spectre processor vulnerabilities affect personal computers and mobile devices, as well as data processing in the cloud.

The hardware vulnerabilities can potentially allow programs to steal data that is being processed on the computer’s chip.

Programs typically are not permitted to read data from other programs. But a malicious program can exploit Meltdown and Spectre to access data stored in the memory of other running programs.

Here are the types of information hackers might be able to access:

  • Passwords stored in a password manager or browser
  • Personal photos
  • Emails
  • Instant messages
  • Documents containing personal information

How to help protect against these vulnerabilities

Upcoming Spectre NG updates should be installed quickly after their release.

Norton can help users protect against some instances of threats like these. If you run into any issues installing patches, you should first make sure your Norton product definitions are up to date, then apply operating system patches immediately afterward.

Updates have been released for Microsoft Windows, Apple macOS, and Linux to patch Meltdown. Spectre is reportedly more difficult to patch, but also more difficult to exploit.

Work continues by all parties to harden the software against any potential exploits.

How to help protect cloud data

Spectre, Meltdown, and Spectre Next Generation security flaws also affect the cloud. Cloud data is stored on physical servers that may use vulnerable processors. That’s why some of these systems could become vulnerable to hacks.

It’s a good idea to check with the cloud storage provider to see if their systems are affected by a particular vulnerability. If so, ask your provider what to do to help protect important data.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.